This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
Adobe Flash Player | ADV180007 | April 2018 Adobe Flash Security Update |
Internet Explorer | CVE-2018-0870 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-1018 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-0997 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-0991 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-1020 | Internet Explorer Memory Corruption Vulnerability |
Microsoft Browsers | CVE-2018-1023 | Microsoft Browser Memory Corruption Vulnerability |
Microsoft Devices | CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability |
Microsoft Edge | CVE-2018-0892 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Edge | CVE-2018-0998 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2018-1009 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2018-1016 | Microsoft Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2018-1012 | Microsoft Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2018-1010 | Microsoft Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2018-1015 | Microsoft Graphics Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2018-1013 | Microsoft Graphics Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2018-1003 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
Microsoft Malware Protection Engine | CVE-2018-0986 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1028 | Unknown |
Microsoft Office | CVE-2018-1026 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1027 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1029 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1005 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-1034 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-1030 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0950 | Microsoft Office Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-0920 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1007 | Microsoft Office Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-1011 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-1032 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-1014 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Scripting Engine | CVE-2018-0981 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-0979 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-1019 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0980 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0993 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0994 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0990 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0987 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-0988 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0995 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-1001 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-1004 | Windows VBScript Engine Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2018-0989 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-1000 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-0996 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2018-0890 | Active Directory Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2018-0966 | Device Guard Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2018-0967 | Windows SNMP Service Denial of Service Vulnerability |
Microsoft Windows | CVE-2018-0963 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-0887 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-8116 | Microsoft Graphics Component Denial of Service Vulnerability |
Visual Studio | CVE-2018-1037 | Microsoft Visual Studio Information Disclosure Vulnerability |
Windows Hyper-V | CVE-2018-0964 | Hyper-V Information Disclosure Vulnerability |
Windows Hyper-V | CVE-2018-0957 | Hyper-V Information Disclosure Vulnerability |
Windows IIS | CVE-2018-0956 | HTTP.sys Denial of Service Vulnerability |
Windows Kernel | CVE-2018-1008 | OpenType Font Driver Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-0960 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0973 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0972 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0975 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0974 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0971 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0969 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0968 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0970 | Windows Kernel Information Disclosure Vulnerability |
Windows RDP | CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0887 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0887 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0887 | fanxiaocao and pjf of IceSword Lab , Qihoo 360 https://twitter.com/TinySecEx,http://weibo.com/jfpan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0890 MITRE NVD |
CVE Title: Active Directory Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings. To exploit this vulnerability, an attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could bypass firewall policies applied to Modern Applications. This update corrects the security feature’s behavior by correcting how Active Directory manages Network Isolation policies applied to Modern Applications. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0890 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Security Feature Bypass | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Security Feature Bypass | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0890 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0892 MITRE NVD |
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0892 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Low | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0892 | Liu Long of Qihoo 360Vulcan Team http://www.360.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0956 MITRE NVD |
CVE Title: HTTP.sys Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0956 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0956 | Benjamin Kearns of Lateral Security https://www.lateralsecurity.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0957 MITRE NVD |
CVE Title: Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0957 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0957 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0960 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0960 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0960 | fanxiaocao and pjf of IceSword Lab , Qihoo 360 https://twitter.com/TinySecEx,http://weibo.com/jfpan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0963 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0963 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Elevation of Privilege | 4088787 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Elevation of Privilege | 4088787 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Elevation of Privilege | 4088782 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Elevation of Privilege | 4088782 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Elevation of Privilege | 4088776 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Elevation of Privilege | 4088776 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Elevation of Privilege | 4088787 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Elevation of Privilege | 4088787 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Elevation of Privilege | 4088776 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0963 | Honggang Ren of Fortinet's FortiGuard Labs http://www.fortiguard.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0964 MITRE NVD |
CVE Title: Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0964 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 7.20 Temporal: 6.50 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0964 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0966 MITRE NVD |
CVE Title: Device Guard Security Feature Bypass Vulnerability
Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0966 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Security Feature Bypass | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Security Feature Bypass | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Security Feature Bypass | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Security Feature Bypass | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Security Feature Bypass | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Security Feature Bypass | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Security Feature Bypass | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Security Feature Bypass | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0966 | James Forshaw of Google Project Zero http://www.google.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0967 MITRE NVD |
CVE Title: Windows SNMP Service Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0967 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Denial of Service | 4088876 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4091756 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4091756 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4091756 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4091756 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4091756 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Denial of Service | 4088877 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Denial of Service | 4088877 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0967 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0968 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0968 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0968 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0969 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0969 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0969 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0976 MITRE NVD |
CVE Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Description: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0976 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Denial of Service | 4088786 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Denial of Service | 4088779 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Denial of Service | 4088782 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Denial of Service | 4088876 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093227 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093227 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093227 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093227 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093227 (Security Update) | Important | Denial of Service | None | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Denial of Service | 4088875 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Denial of Service | 4088877 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Denial of Service | 4088877 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Denial of Service | 4088876 |
Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Denial of Service | 4088787 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Denial of Service | 4088776 | Base: 5.30 Temporal: 4.80 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0976 | Markku Rossi https://www.linkedin.com/in/markkurossi/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0970 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0970 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0970 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0971 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0971 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0971 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0972 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0972 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0972 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0973 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0973 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0973 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0974 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0974 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0974 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0975 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0975 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | 4073080 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093478 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Information Disclosure | 4088875 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Information Disclosure | 4088877 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Information Disclosure | 4088876 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0975 | Mateusz Jurczyk of Google Project Zero https://www.google.com |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0987 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0987 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088877 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088875 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088875 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088876 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088876 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088875 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088876 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Low | Information Disclosure | 4088787 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Information Disclosure | 4089187 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Information Disclosure | 4089187 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0987 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ Anonymous working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0988 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0988 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088877 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Critical | Remote Code Execution | 4088876 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088875 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088876 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0988 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0989 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0989 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088877 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Information Disclosure | 4088786 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Information Disclosure | 4088779 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088875 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088875 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088876 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Information Disclosure | 4088876 4089187 |
Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Information Disclosure | 4088876 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088875 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Information Disclosure | 4088876 4089187 |
Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Low | Information Disclosure | 4088787 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Information Disclosure | 4089187 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Information Disclosure | 4089187 | Base: 2.40 Temporal: 2.20 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0989 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0990 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0990 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Only) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0990 | Wei of Qihoo 360 Vulcan Team https://www.360.cn |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0991 MITRE NVD |
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0991 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088877 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Critical | Remote Code Execution | 4088876 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088875 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088876 4089187 |
Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0991 | Wei of Qihoo 360 Vulcan Team https://www.360.cn |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0993 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0993 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Only) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0993 | Wei of Qihoo 360 Vulcan Team https://www.360.cn |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0994 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0994 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Only) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0994 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0995 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0995 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Only) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0995 | hungtt28 of Viettel Cyber Security https://twitter.com/hungtt28/,http://viettel.com.vn/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0996 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0996 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088877 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Critical | Remote Code Execution | 4088876 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088875 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Remote Code Execution | 4088876 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Moderate | Remote Code Execution | 4088787 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0996 | Anonymous working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0997 MITRE NVD |
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0997 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Remote Code Execution | 4088876 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Remote Code Execution | 4088875 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Remote Code Execution | 4088876 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Low | Remote Code Execution | 4088787 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0997 | Yuki Chen of Qihoo 360 Vulcan Team http://www.360.com/ |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0998 MITRE NVD |
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0998 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Information Disclosure | 4088782 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Information Disclosure | 4088776 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
Microsoft Edge on Windows Server 2016 | 4093119 (Security Update) | Low | Information Disclosure | 4088787 | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0998 | Abdulrahman Al-Qabandi ”https://twitter.com/Qab” |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-1000 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Moderate | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-1000 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Information Disclosure | 4088877 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Information Disclosure | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Information Disclosure | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Information Disclosure | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Information Disclosure | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Information Disclosure | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Information Disclosure | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Information Disclosure | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Information Disclosure | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Information Disclosure | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Information Disclosure | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Information Disclosure | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Information Disclosure | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Information Disclosure | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Critical | Information Disclosure | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Critical | Information Disclosure | 4088876 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Information Disclosure | 4088875 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Moderate | Information Disclosure | 4088876 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Moderate | Information Disclosure | 4088787 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Information Disclosure | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Moderate | Information Disclosure | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-1000 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-1001 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-1001 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 10 on Windows Server 2012 | 4093123 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Remote Code Execution | 4088877 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088875 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Important | Remote Code Execution | 4088876 4089187 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Remote Code Execution | 4088876 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093118 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Remote Code Execution | 4088875 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4092946 (IE Cumulative) |
Low | Remote Code Execution | 4088876 4089187 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4093119 (Security Update) | Low | Remote Code Execution | 4088787 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Low | Remote Code Execution | 4089187 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-1001 | Anonymous working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-1003 MITRE NVD |
CVE Title: Microsoft JET Database Engine Remote Code Execution Vulnerability
Description: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a user must open or preview a specially crafted Excel file while using an affected version of Microsoft Windows. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Excel file to the user, and then convincing the user to open the file. The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-1003 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Important | Remote Code Execution | 4088786 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Important | Remote Code Execution | 4088779 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Important | Remote Code Execution | 4088782 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Important | Remote Code Execution | 4088776 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Remote Code Execution | 4088875 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Remote Code Execution | 4088875 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Remote Code Execution | 4088876 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Remote Code Execution | 4088876 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Important | Remote Code Execution | 4088876 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4093257 (Security Update) | Important | Remote Code Execution | None | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4093257 (Security Update) | Important | Remote Code Execution | None | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4093257 (Security Update) | Important | Remote Code Execution | None | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4093257 (Security Update) | Important | Remote Code Execution | None | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Remote Code Execution | 4088875 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Remote Code Execution | 4088875 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Important | Remote Code Execution | 4088875 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Remote Code Execution | 4088877 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Important | Remote Code Execution | 4088877 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Remote Code Execution | 4088876 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Important | Remote Code Execution | 4088876 |
Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4093119 (Security Update) | Important | Remote Code Execution | 4088787 | Base: 7.10 Temporal: 6.40 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-1003 | Honggang Ren of Fortinet's FortiGuard Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-1004 MITRE NVD |
CVE Title: Windows VBScript Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-04-10T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-1004 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4092946 (IE Cumulative) | Critical | Remote Code Execution | 4089187 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4092946 (IE Cumulative) | Critical | Remote Code Execution | 4089187 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 for 32-bit Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4093111 (Security Update) | Critical | Remote Code Execution | 4088786 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4093109 (Security Update) | Critical | Remote Code Execution | 4088779 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4093119 (Security Update) | Critical | Remote Code Execution | 4088787 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4093107 (Security Update) | Critical | Remote Code Execution | 4088782 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4093112 (Security Update) | Critical | Remote Code Execution | 4088776 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Critical | Remote Code Execution | 4088875 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Critical | Remote Code Execution | 4088875 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Critical | Remote Code Execution | 4088876 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4093114 (Monthly Rollup) 4093115 (Security Only) |
Critical | Remote Code Execution | 4088876 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4093114 (Monthly Rollup) | Critical | Remote Code Execution | 4088876 | Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Critical | Remote Code Execution | 4088875 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Critical | Remote Code Execution | 4088875 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4093108 (Security Only) 4093118 (Monthly Rollup) |
Critical | Remote Code Execution | 4088875 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Critical | Remote Code Execution | 4088877 |
Base: 5.00 Temporal: 4.50 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4093122 (Security Only) 4093123 (Monthly Rollup) |
Critical | Remote Code Execution | 4088877 |
Ba |