Msrc Windows 10 For 32-Bit Systems vulnerabilities

CVE-2018-8231 [HIGH] HTTP Protocol Stack Remote Code Execution Vulnerability HTTP Protocol Stack Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. To exploit the vulnerability, in most situations, an unauthenticated attacker could send a specially craft

CVE-2018-8221 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8216 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8217 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8212 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8215 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8226 [HIGH] HTTP.sys Denial of Service Vulnerability HTTP.sys Denial of Service Vulnerability Description: A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an attacker could send a specially crafted HTTP p

CVE-2018-8201 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Device Guard Code Integrity Policy Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the

CVE-2018-8209 [HIGH] Windows Wireless Network Profile Information Disclosure Vulnerability Windows Wireless Network Profile Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user. An authenticated attacker who successfully exploited the vulnerability could access the Wireless LAN profile of an administrative user, including passwords for wireless networks. An

CVE-2018-8165 [HIGH] DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a special

CVE-2018-8134 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. T

CVE-2018-8129 [MEDIUM] Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The u

CVE-2018-8132 [MEDIUM] Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The u

CVE-2018-0958 [MEDIUM] Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The u

CVE-2018-0854 [MEDIUM] Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious

CVE-2018-0956 [HIGH] HTTP/2 Server Denial of Service Vulnerability HTTP/2 Server Denial of Service Vulnerability Description: A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a sp

CVE-2018-1009 [HIGH] Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker

CVE-2018-0968 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would

CVE-2018-0966 [LOW] Device Guard Security Feature Bypass Vulnerability Device Guard Security Feature Bypass Vulnerability Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario

CVE-2018-0977 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera