Vulnerability

CERT-In Vulnerability Note CIVN-2018-0215
Multiple Vulnerabilities in Microsoft Windows

Original Issue Date:December 14, 2018

Severity Rating: HIGH

Software Affected

Windows 7 for 32-bit and x64-based Systems Service Pack 1
Windows 10 for 32-bit and x64-based Systems
Windows 10 Version 1607 for 32-bit and for x64-based Systems
Windows 10 Version 1703 for 32-bit and x64-based Systems
Windows 10 Version 1709 for 32-bit and x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit and x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit and x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows RT 8.1
Windows 8.1 for 32-bit and x64-based systems
Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems SP 1 (Server Core installation)
Windows Server 2012 & R2 & R2(Server Core installation)
Windows Server 2016 & Server 2016 (Server Core installation)
Windows Server 2019 & Server 2019 (Server Core installation)
Windows Server, version 1709 & version 1803 (Server Core Installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Azure Pack Rollup 13.1

Overview

Multiple vulnerabilities have been reported in Microsoft Windows, which could allow an attacker to access sensitive information, execute arbitrary code, denial of service and gain elevated privileges on the targeted system.

Description

1. Microsoft Windows Kernel Information Disclosure Vulnerability ( CVE-2018-8477   CVE-2018-8621   CVE-2018-8622   )

Multiple information disclosure vulnerabilities exist in Microsoft Windows due to improper handling of objects in memory by the Windows kernel. An attacker could exploit these vulnerabilities by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information to further compromise the users targeted system.

2. Microsoft Remote Procedure Call Runtime Information Disclosure Vulnerability ( CVE-2018-8514   CVE-2018-8596   )

An information disclosure vulnerability exists in Microsoft Windows due to improper initializing objects in memory by the Remote Procedure call (RPC) runtime function. An authenticated attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information to further compromise the users targeted system.

3. Microsoft Windows GDI Information Disclosure Vulnerability ( CVE-2018-8595   )

Multiple information disclosure vulnerabilities exist in Microsoft Windows due to improper handling of objects in memory by the Windows Graphics Device Interface (GDI) component. A remote attacker could exploit these vulnerabilities by convincing a user to open a specially crafted document or visit an untrusted webpage. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information to further compromise the users targeted system.

4. Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability ( CVE-2018-8599   )

An elevation of privilege vulnerability exists in Microsoft Windows due to improper handling of file operations by the Diagnostics Hub Standard Collector Service. A remote attacker could exploit this vulnerability by accessing the vulnerable system with unprivileged access. Successful exploitation of this vulnerability could allow an attacker to gain elevated privileges on the targeted system.

5. Microsoft Windows Kernel Privilege Escalation Vulnerability ( CVE-2018-8611   )

An elevation of privilege vulnerability exists in Microsoft windows due to improper handling of objects in memory by the Windows kernel. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode and gain elevated privileges on the targeted system.

6. Connected User Experiences and Telemetry Service Denial of Service Vulnerability ( CVE-2018-8612   )

A Denial Of Service vulnerability exists in Microsoft Windows due to improper validating function values by the Connected User Experiences and Telemetry Service. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could deny dependent security feature functionality and allow an attacker to cause denial of Service on the targeted system.

7. Microsoft Windows DNS Server Heap Buffer Overflow Vulnerability ( CVE-2018-8626   )

A remote code execution vulnerability exists in Microsoft Windows due to improper handling requests by the Windows Domain Name System (DNS) Server. An unauthenticated attacker could exploit this vulnerability by sending malicious requests to a windows DNS server. Successful exploitation of this vulnerability could allow the attacker to execute remote code on the targeted system.
Note: Windows servers that are configured as DNS servers are at risk from this vulnerability.

8. Microsoft Windows Text-To-Speech Remote Code Execution Vulnerability ( CVE-2018-8634   )

A remote code execution vulnerability exists in Microsoft Windows due to improper handling of objects in memory by Microsoft text-to-speech service. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and take control of the affected system.

9. Microsoft windows Win32k Information Disclosure Vulnerability ( CVE-2018-8637   )

An information disclosure vulnerability exists in Microsoft Windows due to improper handling of objects in memory by the Windows Kernel. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass on the targeted system.

10. Microsoft windows DirectX Information Disclosure Vulnerability ( CVE-2018-8638   )

An information disclosure vulnerability exists in Microsoft Windows due to improper handling of objects in memory by the Windows DirectX. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information to further compromise the users targeted system.

11. Microsoft Windows Win32k Privilege Escalation Vulnerability ( CVE-2018-8639   CVE-2018-8641   )

An information disclosure vulnerability exists in Microsoft Windows due to improper handling of objects in memory by the Windows Win32k component. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode and gain elevated privileges on the targeted system.

12. Microsoft Windows Denial of Service Vulnerability ( CVE-2018-8649   )

A Denial Of Service vulnerability exists in Microsoft Windows due to improper handling of objects in memory by the affected software. A remote attacker could exploit this vulnerability by logging on to the targeted system and run a specially crafted application on to the targeted system. Successful exploitation of this vulnerability could stop responding the targeted system and allow an attacker to cause denial of Service on the targeted system.

13. Microsoft Windows Azure Pack Cross Site Scripting Vulnerability ( CVE-2018-8652   )

A Cross-site Scripting (XSS) vulnerability exists in Microsoft Windows due to improper handling user input by the Windows Azure Pack. An authenticated attacker could exploit this vulnerability by sending a specially crafted payload to the web interface. Successful exploitation of this vulnerability could allow an attacker to perform cross-site scripting attacks on the targeted system and run script in the security context of the current user to launch the further attacks.

Solution

Apply appropriate software fixes as available on the vendor website.
https://portal.msrc.microsoft.com/en-US/security-guidance

Vendor Information

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance

References

Security Focus
https://www.securityfocus.com/bid/106081
https://www.securityfocus.com/bid/106083
https://www.securityfocus.com/bid/106079
https://www.securityfocus.com/bid/106082
https://www.securityfocus.com/bid/106076
https://www.securityfocus.com/bid/106085
https://www.securityfocus.com/bid/106088

CVE Name
CVE-2018-8477
CVE-2018-8621
CVE-2018-8622
CVE-2018-8514
CVE-2018-8595
CVE-2018-8596
CVE-2018-8599
CVE-2018-8611
CVE-2018-8612
CVE-2018-8626
CVE-2018-8634
CVE-2018-8637
CVE-2018-8638
CVE-2018-8639
CVE-2018-8641
CVE-2018-8649
CVE-2018-8652

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India