This issue is rated critical because a user’s system may be compromised, potentially giving an attacker full access to the system. Microsoft released a patch for this issue on March 13, 2018. It is highly recommended that all users applying this update.
CVE-2018-0871: Windows Error Reporting Denial of Service Vulnerability.
On January 26, 2018, researchers at Cisco Talos reported a critical vulnerability in Windows Error Reporting that could be used to crash the system and even cause denial-of-service (DoS) attacks. The vulnerability is caused by the error handling of Windows Error Reporting, and it can be exploited to crash a system by sending specially crafted URS packets. Microsoft released a patch for this vulnerability on February 14, 2018.
CVE-2018-0929: Windows Win32k Elevation of Privilege Vulnerability.
On February 9, 2018, researchers at Check Point reported a critical vulnerability in the Windows graphics subsystem that could be exploited to run arbitrary code as elevation of privilege. The vulnerability is caused by an improper input validation in the Windows Win32k component, which can be exploited to run arbitrary code as elevation of privilege. Microsoft released a patch for this vulnerability on February 14, 2018.
CVE-2018-0930: Windows GDI Information Disclosure Vulnerability.
Microsoft Office and Word Processing
On February 7, 2018, researchers at Microsoft reported a critical vulnerability in the Windows graphics subsystem that could be exploited to run arbitrary code as elevation of privilege. The vulnerability is caused by an improper input validation in the Windows GDI component, which can be exploited to run arbitrary code as elevation of privilege. Microsoft released a patch for this vulnerability on February 14, 2018.
CVE-2018-0931: Windows GDI Information Disclosure Vulnerability.
On February 7, 2018, researchers at Microsoft reported a critical vulnerability in the Windows graphics subsystem that could be exploited to run arbitrary code as elevation of privilege. The vulnerability is caused by an improper input validation in the Windows GDI component, which can be exploited to run arbitrary code as elevation of privilege. Microsoft released a patch for this vulnerability on February 14, 2018.
Windows GDI Information Disclosure Vulnerability
On February 29, 2017, security researchers at FireEye reported a critical information disclosure vulnerability in the Windows GDI component. The vulnerability is caused by an improper input validation that could allow an attacker to read arbitrary files on the system. Microsoft released a patch for this issue on March 14, 2018.
CVE-2018-0931: Windows Error Reporting Denial of Service Vulnerability.
This issue is rated critical because a user’s system may be compromised, potentially giving an attacker full access to the system. Microsoft released a patch for this issue on March 13, 2018. It is highly recommended that all users applying this update.
Windows Elevation of Privilege (EoP) and Denial of Service (DoS) Scenarios
If a user is logged in to their system, this vulnerability could be exploited to elevate permissions. If a user is logged out of their system, the vulnerability could be exploited to cause denial-of-service (DoS) attacks.
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC