This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2014-02-26
Product Windows 8 Last view 2018-02-28
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_8

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2018-02-28 CVE-2018-6947

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.

5.5 2018-02-26 CVE-2018-7250

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.

7 2018-02-26 CVE-2018-7249

An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.

7.8 2017-03-16 CVE-2017-0050

The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

9 2014-11-18 CVE-2014-6324

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

9.3 2014-07-08 CVE-2014-1824

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."

7.2 2014-07-08 CVE-2014-1767

Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

5 2014-02-26 CVE-2013-7332

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

CWE : Common Weakness Enumeration

%idName
12% (1) CWE-665 Improper Initialization
12% (1) CWE-416 Use After Free
12% (1) CWE-415 Double Free
12% (1) CWE-399 Resource Management Errors
12% (1) CWE-362 Race Condition
12% (1) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-200 Information Exposure
12% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0180 Microsoft Windows Kerberos Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0057571
2014-A-0095 Microsoft Windows Journal Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0052951
2014-B-0093 Microsoft Ancillary Function Driver Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0052955

Snort® IPS/IDS

Date Description
2017-03-16 Microsoft Windows Kernel NtCreateProfile privilege escalation attempt
RuleID : 41610 - Type : OS-WINDOWS - Revision : 4
2017-03-16 Microsoft Windows Kernel NtCreateProfile privilege escalation attempt
RuleID : 41609 - Type : OS-WINDOWS - Revision : 4
2017-03-16 Microsoft Windows Kernel NtCreateProfile privilege escalation attempt
RuleID : 41608 - Type : OS-WINDOWS - Revision : 4
2017-03-16 Microsoft Windows Kernel NtCreateProfile privilege escalation attempt
RuleID : 41607 - Type : OS-WINDOWS - Revision : 4
2016-03-14 Microsoft Windows Kerberos privilege escalation attempt
RuleID : 36596 - Type : OS-WINDOWS - Revision : 4
2015-08-14 Microsoft Windows Kerberos privilege escalation attempt
RuleID : 35118 - Type : OS-WINDOWS - Revision : 5

Nessus® Vulnerability Scanner

id Description
2017-03-14 Name: The remote Windows host is affected multiple elevation of privilege vulnerabi...
File: smb_nt_ms17-017.nasl - Type: ACT_GATHER_INFO
2014-11-18 Name: The remote implementation of Kerberos KDC is affected by a privilege escalati...
File: smb_nt_ms14-068.nasl - Type: ACT_GATHER_INFO
2014-07-08 Name: The remote Windows host is affected by a code execution vulnerability.
File: smb_nt_ms14-038.nasl - Type: ACT_GATHER_INFO
2014-07-08 Name: The remote Windows host contains a driver that allows elevation of privilege.
File: smb_nt_ms14-040.nasl - Type: ACT_GATHER_INFO