SB2018010402 - Multiple vulnerabilities in Microsoft Windows kernel
Published: January 4, 2018
Security Bulletin ID
SB2018010402
Severity
Low
Patch available
YES
Number of vulnerabilities
7
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-0746)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to an error which can lead to ASLR bypass . A local user can retrieve the memory address of a kernel object and bypass ASLR protection mechanism.2) Information disclosure (CVE-ID: CVE-2018-0747)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to an error which can lead to ASLR bypass . A local user can retrieve the memory address of a kernel object and bypass ASLR protection mechanism.3) Privilege escalation (CVE-ID: CVE-2018-0748)
The vulnerability allows a local user to escalate privileges on the system.The vulnerability exists due to the way Windows Kernel API enforces permissions. A local user can use a specially crafted application to impersonate processes, interject cross-process communication, or interrupt system functionality.
4) Privilege escalation (CVE-ID: CVE-2018-0751)
The vulnerability allows a local user to escalate privileges on the system.The vulnerability exists due to the way Windows Kernel API enforces permissions. A local user can use a specially crafted application to impersonate processes, interject cross-process communication, or interrupt system functionality.
5) Privilege escalation (CVE-ID: CVE-2018-0752)
The vulnerability allows a local user to escalate privileges on the system.The vulnerability exists due to the way Windows Kernel API enforces permissions. A local user can use a specially crafted application to impersonate processes, interject cross-process communication, or interrupt system functionality.
6) Memory corruption (CVE-ID: CVE-2018-0744)
The vulnerability allows a local user to escalate privileges on the system.The vulnerability exists due to a boundary error in Windows kernel. A local user can use a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with SYSTEM privileges.
7) Information disclosure (CVE-ID: CVE-2018-0745)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to an error which can lead to ASLR bypass . A local user can retrieve the memory address of a kernel object and bypass ASLR protection mechanism.Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0746
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0751
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0752
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0744
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745