Addresses an information disclosure vulnerability in the Windows Kernel. This vulnerability is documented in CVE-2018-8141. It is applicable only for Windows 10 Version 1709 and Windows Server Version 1709 (Server Core).
Windows 10 security updates May 8, 2018
Security updates to Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Device Guard, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, Windows Hyper-V, Windows virtualization and kernel, HTML help, and Windows Server.
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. (CVE-2018-0824)A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. (CVE-2018-0854)A remote code execution vulnerability exists in the way that Windows handles objects in memory. (CVE-2018-8136)A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. (CVE-2018-0958)A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2018-0959,CVE-2018-0961)An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2018-8124)A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. (CVE-2018-8129, CVE-2018-8132)An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. (CVE-2018-8134)An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2018-8164)An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. (CVE-2018-8165)An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2018-8166)An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. (CVE-2018-8167)An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. (CVE-2018-8897, CVE-2018-8127,CVE-2018-8141, CVE-2018-8170,CVE-2018-8142)A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. (CVE-2018-1035)The following are actively exploited in the wildCVE 2018-8174, a remote code execution vulnerability in the VBScript Engine.CVE 2018:8120, a privilege escalation vulnerability in Win32k.Note: CVE-2018-0963 has been addressed for Windows 10 1709 only in May Updates. QID Detection Logic (Authenticated): Operating Systems: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8.1, Windows RT 8.1, Windows10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 This QID checks for following file versions %windir%\System32\Win32k.sys for all affected OS except Windows 10 and Windows 16:The patch version of 6.0.6002.24344 (KB4131188) The patch version of 6.1.7601.24093 (KB4103712 or KB4103718) The patch version of 6.2.9200.22413 (KB4103726 or KB4103730) The patch version of 6.3.9600.18979 (KB4103725 or KB4103715) This QID checks for following file versions %windir%\System32\Win32kfull.sys for Windows 10 and Windows 16:The patch version of 10.0.10240.17861 (KB4103716)The patch version of 10.0.14393.2248 (KB4103723)The patch version of 10.0.15063.1088 (KB4103731 )The patch version of 10.0.16299.431 (KB4103727)The patch version of 10.0.17134.48 (KB4103721) This QID checks for following files and its versions for Windows 2008 SP2:The patch version of %windir%\System32\Clfs.sys 6.0.6002.24361 (KB4130944)The patch version of %windir%\System32\drivers\Vmms.exe 6.0.6002.24362 (KB4094079) The patch version of %windir%\system32\Advapi32.dll 6.0.6002.24367 (KB4134651) The patch version of %windir%\System32\Comsvcs.dll 2001.12.6932.24363 (KB4101477)The patch version of %windir%\System32\Hhsetup.dll 6.0.6002.24396 (KB4130956)ConsequenceSuccessful exploitation allows an attacker to execute arbitrary code and take control of an affected system.SolutionCustomers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.Patches:The following are links for downloading patches to fix these vulnerabilities:KB4093107KB4093112KB4093119KB4094079KB4101477KB4103712KB4103715KB4103716KB4103718KB4103721KB4103723KB4103725KB4103726KB4103727KB4103730KB4103731KB4130944KB4130956KB4131188
KB Articles associated with the update:1) KB41037232) KB41037163) KB41037314) KB41037275) KB4103721Note: CVE-2018-0993 has been addressed for Windows 10 1507 only in May Updates. For remaining Windows versions please refer to April 2018 updatesQID Detection Logic (Authenticated):Operating Systems: Windows 10 (1507, 1607, 1703, 1709 and 1803) and Windows Server 2016This QID checks for the file version of %windir%\System32\edgehtml.dllThe following KBs are checked:The patch version is 11.0.10240.17861 (KB4103716)The patch version is 11.0.14393.2248 (KB4103723)The patch version is 11.0.15063.1088 (KB4103731)The patch version is 11.0.16299.431 (KB4103727)The patch version is 11.0.17134.48(KB4103727)ConsequenceSuccessful exploitation of the vulnerability allows:1) Remote Code Execution 2) Information Disclosure 2) Security Feature Bypass SolutionFor more information, customers are advised to refer the Security Update Guide.Patches:The following are links for downloading patches to fix these vulnerabilities:Microsoft Security Update Guide
A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. (CVE-2018-0765)KB4095512,KB4095513,KB4095514,KB4095515,KB4095517,KB4095518,KB4095519,KB4095872,KB4095873,KB4095874,KB4095875,KB4095876,KB4096235,KB4096236,KB4096237,KB4096416,KB4096417,KB4096418,KB4096494,KB4096495,KB4103716,KB4103721,KB4103723,KB4103727,KB4103731 are covered in this QIDThis security update is rated Important for supported versions of Microsoft .NET Framework.QID Detection Logic (Authenticated):This QID checks for the vulnerable file version of system.security.dllConsequenceSuccessful exploitation allows an attacker to cause denial of service and bypass the security features.SolutionCustomers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.Patches:The following are links for downloading patches to fix these vulnerabilities:.NET Framework May 2018
This security updates contain following KBs:KB2899590KB3114889KB3162075KB3172436KB4018308KB4018327KB4018381KB4018382KB4018383KB4018388KB4018390KB4018393KB4018396KB4018398KB4018399KB4022130KB4022135KB4022137KB4022139KB4022141KB4022142KB4022145KB4022146KB4022150QID Detection Logic:This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected office system.ConsequenceAn attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.SolutionCustomers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.Patches:The following are links for downloading patches to fix these vulnerabilities:Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2018(Office)
Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.
Security updates to Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Device Guard, Windows kernel, Microsoft Graphics Component, Windows Hyper-V, HTML help, and Windows Server.
Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 Feature Update based on device compatibility and Windows Update for Business deferral policy. This does not apply to long-term servicing editions.
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Security updates to Windows Server, Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, HTML help, and Windows Hyper-V.
When attempting to upgrade to the Window 10 April 2018 Update, select devices with Intel SSD 600p Series or Intel SSD Pro 6000p Series may repeatedly enter a UEFI screen after restart or stop working.
After upgrading to Window 10 version 1803, some users cannot run QuickBooks (2017, 2018) in multi-user mode. Users may see the error code, "Error 193:0xc1 Windows could not start the QuickBooksDBXX service on Local Computer." 2ff7e9595c
留言