Vulnerability category: Windows
Vulnerability severity:
Vulnerability information
Microsoft has released Cumulative Security Updates for Windows which address the following vulnerabilities:
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.
An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to the buffer.
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed.
KB Articles associated with the Update:
3217845
4018106
4019204
4019263
4019264
4021903
4021923
4022008
4022010
4022013
4022714
4022715
4022717
4022718
4022719
4022722
4022724
4022725
4022726
4022727
4022883
4022884
4022887
4024402
Vulnerability impact
Successful exploitation allows an attacker to execute arbitrary code and take control of an affected system.
Solution
Customers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: