

Multiple vulnerabilities have been reported in Microsoft Windows 10 and Windows Server 2016, arising from a total of 29 distinct errors.
IMPACT: HIGH
PUBLISH DATE: 12-09-2018
OVERVIEW
Multiple vulnerabilities have been reported in Microsoft Windows 10 and Microsoft Windows Server 2016. When exploited, they can lead to system access, denial of service (DoS), privilege escalation, exposure of sensitive information, manipulation of data and security bypass.
Updates are available for the affected products.
ANALYSIS
A total of 29 errors have been reported in the affected products, as follows.
- Microsoft Windows task scheduler has an error when handling ALPC calls related to the “SchRpcSetSecurity()” function that can be exploited to gain elevated SYSTEM privileges.
- An arbitrary code can be executed with host privileges due to an error in Windows Hyper-V.
- An error related to the bowser.sys driver when handling objects in memory may disclose kernel memory when exploited.
- An error when handling SMB requests can be exploited to crash the system via a specially crafted SMB request.
- An error related to the Windows Kernel API when handling registry objects in memory can be exploited to gain elevated privileges.
- An error related to Windows kernel when initializing memory can be exploited to disclose certain information.
- An error related to the MSXML parser can be exploited to execute arbitrary code via specially crafted XML.
- An error related to the Windows GDI component can be exploited to disclose memory contents.
- An error related to the DXGKRNL driver when handling objects in memory can be exploited to gain elevated privileges.
- A boundary error within the “bEmit()” function (gdiplus.dll) can be exploited to disclose certain information.
- An error when handling image files can be exploited to execute arbitrary code via a specially crafted image file.
- An error related to the Windows Subsystem for Linux can be exploited to modify arbitrary files.
- An error related to the Microsoft JET Database Engine can be exploited to execute arbitrary code via a specially crafted Excel file.
- Another error related to the Microsoft JET Database Engine can be exploited to execute arbitrary code via a specially crafted Excel file.
- An error related to Windows Hyper-V can be exploited to disclose host memory contents.
- An error exists in the Windows Hyper-V BIOS loader, which fails to provide a high-entropy source.
- An error related to Windows Hyper-V can be exploited to crash the host.
- Another error related to Windows Hyper-V can be exploited to crash the host.
- Another error related to Windows Hyper-V can be exploited to crash the host.
- An error related to Windows Hyper-V can be exploited to execute arbitrary code with host privileges.
- An error related to Windows Subsystem for Linux can be exploited to execute arbitrary code with elevated privileges.
- An error related to Windows kernel when handling objects in memory can be exploited to disclose certain information.
- Another error related to Windows kernel when handling objects in memory can be exploited to disclose certain information.
- An error when handling SMBv2 requests can be exploited to disclose certain information.
- An error related to Windows kernel when handling objects in memory can be exploited to disclose certain information.
- Another error related to Windows kernel when handling objects in memory can be exploited to disclose certain information.
- An error related to Device Guard can be exploited to bypass Device Guard file signature validation.
- An error related to Windows kernel when handling objects in memory can be exploited to execute arbitrary code with elevated privileges.
- An error when parsing files can be exploited to bypass sandbox restrictions and subsequently gain elevated privileges.
AFFECTED PRODUCTS
- Microsoft Windows 10
- Microsoft Windows Server 2016
UPDATES
Update the following versions as suggested:
- Windows 10 Version 1803 for x64-based Systems (KB4457128):
- Windows 10 Version 1803 for 32-bit Systems (KB4457128):
- Windows Server, version 1803 (Server Core Installation) (KB4457128):
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457128
- Windows 10 Version 1607 for x64-based Systems (KB4457131):
- Windows 10 Version 1607 for 32-bit Systems (KB4457131):
- Windows Server 2016 (KB4457131):
- Windows Server 2016 (Server Core installation) (KB4457131):
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457131
- Windows 10 Version 1703 for x64-based Systems (KB4457138):
- Windows 10 Version 1703 for 32-bit Systems (KB4457138):
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457138
- Windows 10 Version 1709 for x64-based Systems (KB4457142):
- Windows 10 Version 1709 for 32-bit Systems (KB4457142):
- Windows Server, version 1709 (Server Core Installation) (KB4457142):
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457142
- Windows 10 for x64-based Systems (KB4457132):
- Windows 10 for 32-bit Systems (KB4457132):
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457132
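The following PowerShell check is an added example and is not part of the Rewterz advisory or of any Microsoft tooling. It maps each machine's Windows build to the cumulative update listed above and reports whether that KB is installed. The KB numbers come from the update list in this advisory; the build numbers used as keys (10240, 14393, 15063, 16299, 17134 for Windows 10 RTM, 1607/Server 2016, 1703, 1709 and 1803) are an assumption of this example, as is the function name Test-SeptemberPatch.

```powershell
# Added example (not from the advisory): verify that the September 2018
# cumulative update named in the advisory for this build is installed.
# Build-number keys are an assumption of this example; the KB values are the
# ones listed in the advisory's update section.
$RequiredKb = @{
    '10240' = 'KB4457132'   # Windows 10 (original release)
    '14393' = 'KB4457131'   # Windows 10 1607 / Windows Server 2016
    '15063' = 'KB4457138'   # Windows 10 1703
    '16299' = 'KB4457142'   # Windows 10 1709 / Windows Server, version 1709
    '17134' = 'KB4457128'   # Windows 10 1803 / Windows Server, version 1803
}

function Test-SeptemberPatch {
    [CmdletBinding()]
    param(
        # One or more hosts to check; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    foreach ($Computer in $ComputerName) {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Computer
        # Version looks like "10.0.17134"; the third field is the build number.
        $build = ($os.Version -split '\.')[2]

        if (-not $RequiredKb.ContainsKey($build)) {
            [pscustomobject]@{
                Computer   = $Computer
                Build      = $os.Version
                RequiredKB = 'n/a'
                Installed  = $null
                Status     = 'Build not covered by this advisory'
            }
            continue
        }

        $kb = $RequiredKb[$build]
        # Get-HotFix queries Win32_QuickFixEngineering, which lists installed
        # cumulative updates by KB number. A missing entry returns nothing.
        $hotfix = Get-HotFix -Id $kb -ComputerName $Computer -ErrorAction SilentlyContinue
        if ($hotfix) {
            $status = "Patched on $($hotfix.InstalledOn)"
        } else {
            $status = 'MISSING - apply the update'
        }

        [pscustomobject]@{
            Computer   = $Computer
            Build      = $os.Version
            RequiredKB = $kb
            Installed  = [bool]$hotfix
            Status     = $status
        }
    }
}

# Usage: check the local host, or pass a list of servers.
Test-SeptemberPatch | Format-Table -AutoSize
# Test-SeptemberPatch -ComputerName 'srv01','srv02' | Format-Table -AutoSize
```

One caveat when reading the output: cumulative updates supersede each other, so a machine that has installed a later month's cumulative update will not list the September KB in Get-HotFix yet is still protected. Treat a "MISSING" result as a prompt to compare the installed build revision (the UBR value under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion) against the revision published for the KB, rather than as proof of exposure on its own.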
It is recommended to update the affected products you are using, if any, as soon as possible.
If you think you are the victim of a cyber-attack, immediately send an email to info@rewterz.com