Msrc Windows Server Version 1803 vulnerabilities

568 known vulnerabilities affecting msrc/windows_server_version_1803.

Total CVEs: 568
CISA KEV: 22 (actively exploited)
Public exploits: 44
Exploited in wild: 25
Severity breakdown: CRITICAL 12, HIGH 376, MEDIUM 174, LOW 6

Vulnerabilities

Page 23 of 29
CVE-2019-0572 | HIGH | CVSS 7.8 | PoC | 2019-01-08
CVE-2019-0572 [HIGH] Windows Data Sharing Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
msrc
CVE-2019-0553 | MEDIUM | CVSS 4.7 | 2019-01-08
CVE-2019-0553 [MEDIUM] Windows Subsystem for Linux Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application. The
msrc
CVE-2018-8626 | CRITICAL | CVSS 9.8 | 2018-12-11
CVE-2018-8626 [CRITICAL] Windows DNS Server Heap Overflow Vulnerability
Description: A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulne
msrc
CVE-2018-8599 | HIGH | CVSS 7.0 | 2018-12-11
CVE-2018-8599 [HIGH] Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could e
msrc
CVE-2018-8612 | MEDIUM | CVSS 4.7 | 2018-12-11
CVE-2018-8612 [MEDIUM] Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Description: A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would hav
msrc
CVE-2018-8637 | MEDIUM | CVSS 4.7 | Exploited | 2018-12-11
CVE-2018-8637 [MEDIUM] Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. To exploit this vulnerability, an attacker would have to log on to
msrc
CVE-2018-8634 | MEDIUM | CVSS 4.2 | 2018-12-11
CVE-2018-8634 [HIGH] Microsoft Text-To-Speech Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use
msrc
CVE-2018-8561 | HIGH | CVSS 7.0 | 2018-11-13
CVE-2018-8561 [HIGH] DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have t
msrc
CVE-2018-8485 | HIGH | CVSS 7.0 | 2018-11-13
CVE-2018-8485 [HIGH] DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have t
msrc
CVE-2018-8476 | HIGH | CVSS 8.1 | 2018-11-13
CVE-2018-8476 [CRITICAL] Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could c
msrc
CVE-2018-8450 | HIGH | CVSS 7.5 | 2018-11-13
CVE-2018-8450 [HIGH] Windows Search Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, the attacker could send
msrc
CVE-2018-8584 | HIGH | CVSS 7.8 | PoC | 2018-11-13
CVE-2018-8584 [HIGH] Windows ALPC Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user ri
msrc
CVE-2018-8554 | HIGH | CVSS 7.0 | 2018-11-13
CVE-2018-8554 [HIGH] DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have t
msrc
CVE-2018-8547 | MEDIUM | CVSS 6.5 | 2018-11-13
CVE-2018-8547 [MEDIUM] Active Directory Federation Services XSS Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected AD FS serv
msrc
CVE-2018-8417 | MEDIUM | CVSS 4.5 | 2018-11-13
CVE-2018-8417 [MEDIUM] Microsoft JScript Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects. The update addresses the vulnerability by correcting how Microsoft JS
msrc
CVE-2018-8566 | MEDIUM | CVSS 4.6 | 2018-11-13
CVE-2018-8566 [MEDIUM] BitLocker Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot. The security
msrc
CVE-2018-8549 | MEDIUM | CVSS 5.5 | 2018-11-13
CVE-2018-8549 [MEDIUM] Windows Security Feature Bypass Vulnerability
Description: A security feature bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed drivers into the kernel. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed drivers from being loaded by the
msrc
CVE-2018-8454 | LOW | CVSS 2.5 | 2018-11-13
CVE-2018-8454 [MEDIUM] Windows Audio Service Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacker could run a specially crafted application in us
msrc
CVE-2018-8408 | LOW | CVSS 3.3 | 2018-11-13
CVE-2018-8408 [MEDIUM] Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses t
msrc
CVE-2018-8329 | HIGH | CVSS 7.0 | 2018-10-09
CVE-2018-8329 [HIGH] Linux On Windows Elevation Of Privilege Vulnerability
Description: An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with f
msrc