[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:38294
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly h ...

oval:org.secpod.oval:def:39815
The host is missing security update for KB4015067. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39835
The host is missing security update for KB4015068.

oval:org.secpod.oval:def:41674
The host is missing a security update 4022750

oval:org.secpod.oval:def:41272
The host is missing a security update 4025397

oval:org.secpod.oval:def:39817
The host is missing security update for KB3217841. This security update resolves vulnerabilities in Hyper-V that could allow remote code execution.

oval:org.secpod.oval:def:39834
The host is missing security update for KB4015380.

oval:org.secpod.oval:def:41675
The host is missing a security update 4034775

oval:org.secpod.oval:def:40502
The host is missing security updates for KB4018466.

oval:org.secpod.oval:def:40929
The host is missing security update for KB4021923

oval:org.secpod.oval:def:40930
The host is missing security update for KB4022008

oval:org.secpod.oval:def:40928
The host is missing security update for KB4021903

oval:org.secpod.oval:def:41275
The host is missing a security update 4025497

oval:org.secpod.oval:def:40882
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40910
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40911
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40931
The host is missing security update for KB4022010

oval:org.secpod.oval:def:40940
The host is missing security update for KB4022883

oval:org.secpod.oval:def:40917
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40915
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:41246
The host is missing a security update KB4022746

oval:org.secpod.oval:def:41030
The host is missing security update for KB3203393

oval:org.secpod.oval:def:41031
The host is missing security update for KB3191945

oval:org.secpod.oval:def:40943
The host is missing security update for KB4024402

oval:org.secpod.oval:def:41273
The host is missing a security update 4025398

oval:org.secpod.oval:def:41247
The host is missing a security update 4022748

oval:org.secpod.oval:def:41245
The host is missing a security update KB4025409

oval:org.secpod.oval:def:41274
The host is missing a security update 4025872

oval:org.secpod.oval:def:41254
The host is missing a security update KB4022914

oval:org.secpod.oval:def:41236
The host is missing a security update KB4026061

oval:org.secpod.oval:def:41237
The host is missing a security update KB4032955

oval:org.secpod.oval:def:41268
The host is missing a security update KB4025240

oval:org.secpod.oval:def:41673
The host is missing a security update 4034034

oval:org.secpod.oval:def:41685
The host is missing a security update 4034745

oval:org.secpod.oval:def:41648
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ...

oval:org.secpod.oval:def:41676
The host is missing a security update 4035679

oval:org.secpod.oval:def:41671
The host is missing a security update 4035055

oval:org.secpod.oval:def:42101
The host is missing a security update 3213638

oval:org.secpod.oval:def:42092
The host is missing a security update 3213641

oval:org.secpod.oval:def:42029
The host is missing a security update 4038874

oval:org.secpod.oval:def:42114
The host is missing a security update 4011134

oval:org.secpod.oval:def:42028
The host is missing a security update 4039266

oval:org.secpod.oval:def:42044
The host is missing a security update 4039325

oval:org.secpod.oval:def:42362
The host is missing a security update 4042067

oval:org.secpod.oval:def:42366
The host is missing a security update 4042122

oval:org.secpod.oval:def:42354
The host is missing a security update 4042007

oval:org.secpod.oval:def:42350
The host is missing a security update 4041995

oval:org.secpod.oval:def:42367
The host is missing a security update 4042123

oval:org.secpod.oval:def:42368
The host is missing a security update 4042120

oval:org.secpod.oval:def:39416
A security feature bypass exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file. Becaus ...

oval:org.secpod.oval:def:39118
The host is installed with Microsoft Windows 10, Windows 8.1, Windows Server 2016 and Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the SMB2 TREE_CONNECT Response structure, which fails to properly handle a specially-crafted server response that conta ...

oval:org.secpod.oval:def:39361
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39362
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39402
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:39323
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.To exploit these vulnerabilities, an attacker running ...

oval:org.secpod.oval:def:39308
The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2016, Windows 10 or Windows 8.1 and is prone to an information Disclosure vulnerability. A flaw is present in the ...

oval:org.secpod.oval:def:39309
The host is missing a critical security update according to Microsoft security bulletin, MS17-022. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:39114
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Server 2016, or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI, which fails to handle a craf ...

oval:org.secpod.oval:def:39322
The host is missing an important security update according to Microsoft security bulletin, MS17-021. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to discl ...

oval:org.secpod.oval:def:39321
An information disclosure vulnerability exists in the way Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.In a web-based attack scenario, an attacker could host a website used to att ...

oval:org.secpod.oval:def:39311
The host is missing an important security update according to Microsoft security bulletin, MS17-019. The update is required to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to disclose ...

oval:org.secpod.oval:def:39310
An information disclosure vulnerability exists when Windows Active Directory Federation Services (ADFS) honors XML External Entities. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.To exploit this condition, ...

oval:org.secpod.oval:def:39356
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ...

oval:org.secpod.oval:def:39358
The host is missing an important security update according to Microsoft security bulletin, MS17-017. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to escalate ...

oval:org.secpod.oval:def:39324
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39364
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:39417
An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system.There are multiple ways an attacker could exploit the vulnerability; If ...

oval:org.secpod.oval:def:39421
The host is missing a critical security update according to Microsoft security bulletin, MS17-012. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:39306
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the ...

oval:org.secpod.oval:def:39307
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the ...

oval:org.secpod.oval:def:39409
Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ...

oval:org.secpod.oval:def:40494
The host is missing security update for KB4019474.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40495
The host is missing security update for KB4019472. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40496
The host is missing security update for KB4019473. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40500
The host is missing security update for KB4019215.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39366
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39411
The host is missing an critical security update according to Microsoft bulletin, MS17-013. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ex ...

oval:org.secpod.oval:def:39333
The host is missing a critical security update according to Microsoft security bulletin, MS17-008. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:39325
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39328
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39329
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:39368
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39378
The host is missing a critical security update according to Microsoft security bulletin, MS17-011. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:39369
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39365
The host is missing an important security update according to Microsoft security bulletin, MS17-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to take comp ...

oval:org.secpod.oval:def:39326
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.To exploit these vulnerabilities, an attacker running ...

oval:org.secpod.oval:def:39825
The host is missing security update for KB4015583.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39822
The host is missing security update for KB4015219.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.<

oval:org.secpod.oval:def:39823
The host is missing security update for KB4015217.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39330
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39332
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:39331
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39327
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39334
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:39399
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:39398
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user���s system. There are multiple ways an attacker could exploit the vu ...

oval:org.secpod.oval:def:39814
The host is missing security update for KB4015195. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39836
A denial of service vulnerability exists in Active Directory when an authenticated attacker sends malicious search queries. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become nonresponsive.To exploit this vulnerability, an attacker must have ...

oval:org.secpod.oval:def:39816
The host is missing security update for KB3211308. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39767
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39821
The host is missing security update for KB4015550. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39824
The host is missing security update for KB4015221.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40498
The host is missing security update for KB4019216. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40432
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:40508
The host is missing security updates for KB4019206.

oval:org.secpod.oval:def:40497
The host is missing security update for KB4016871.This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40504
The host is missing security updates for KB4018556.

oval:org.secpod.oval:def:40932
The host is missing security update for KB4022013

oval:org.secpod.oval:def:42328
An elevation of privilege vulnerability exists in the default Windows SMB Server configuration which allows anonymous users to remotely access certain named pipes that are also configured to allow anonymous access to users who are logged on locally. An unauthenticated attacker who successfully explo ...

oval:org.secpod.oval:def:42353
The host is missing a security update 4041681

oval:org.secpod.oval:def:42357
The host is missing a security update 4041690

oval:org.secpod.oval:def:42359
The host is missing a security update 4041687

oval:org.secpod.oval:def:42361
The host is missing a security update 4041693

oval:org.secpod.oval:def:42364
The host is missing a security update 4041678

oval:org.secpod.oval:def:42363
The host is missing a security update 4041679

oval:org.secpod.oval:def:40906
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ...

oval:org.secpod.oval:def:40920
An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited t ...

oval:org.secpod.oval:def:41669
The host is missing a security update 4034660

oval:org.secpod.oval:def:41678
The host is missing a security update 4034674

oval:org.secpod.oval:def:41680
The host is missing a security update 4034658

oval:org.secpod.oval:def:40503
The host is missing security updates for KB4019204.

oval:org.secpod.oval:def:40923
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:40942
The host is missing security update for KB4022887

oval:org.secpod.oval:def:41238
The host is missing a security update KB4025336

oval:org.secpod.oval:def:41240
The host is missing a security update KB4025331

oval:org.secpod.oval:def:41251
The host is missing a security update KB4025343

oval:org.secpod.oval:def:41202
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ...

oval:org.secpod.oval:def:41209
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41210
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41214
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory.An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:41211
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41212
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ...

oval:org.secpod.oval:def:41218
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ...

oval:org.secpod.oval:def:41244
The host is missing a security update KB4026059

oval:org.secpod.oval:def:41248
The host is missing a security update KB4025877

oval:org.secpod.oval:def:41269
The host is missing a security update KB4025252

oval:org.secpod.oval:def:41683
The host is missing a security update 4034665

oval:org.secpod.oval:def:41681
The host is missing a security update 4034681

oval:org.secpod.oval:def:41684
The host is missing a security update 4034664

oval:org.secpod.oval:def:41682
The host is missing a security update 4034668

oval:org.secpod.oval:def:42031
The host is missing a security update 4038783

oval:org.secpod.oval:def:42035
The host is missing a security update 4038788

oval:org.secpod.oval:def:42038
The host is missing a security update 4038781

oval:org.secpod.oval:def:42037
The host is missing a security update 4038782

oval:org.secpod.oval:def:41670
The host is missing a security update 4034666

oval:org.secpod.oval:def:41679
The host is missing a security update 4034672

oval:org.secpod.oval:def:41677
The host is missing a security update 4034679

oval:org.secpod.oval:def:42034
The host is missing a security update 4039384

oval:org.secpod.oval:def:42033
The host is missing a security update 4038779

oval:org.secpod.oval:def:42032
The host is missing a security update 4038777

oval:org.secpod.oval:def:42036
The host is missing a security update 4038786

oval:org.secpod.oval:def:42042
The host is missing a security update 4038793

oval:org.secpod.oval:def:42041
The host is missing a security update 4038792

oval:org.secpod.oval:def:42040
The host is missing a security update 4038799

oval:org.secpod.oval:def:42001
An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would hav ...

oval:org.secpod.oval:def:42006
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to be ...

oval:org.secpod.oval:def:42109
The host is missing a security update 4011040

oval:org.secpod.oval:def:42113
The host is missing a security update 4011107

oval:org.secpod.oval:def:42119
The host is missing a security update 4025867

oval:org.secpod.oval:def:42118
The host is missing a security update 4025866

oval:org.secpod.oval:def:42117
The host is missing a security update 4025865

oval:org.secpod.oval:def:42121
The host is missing a security update 4025869

oval:org.secpod.oval:def:42120
The host is missing a security update 4025868

oval:org.secpod.oval:def:42012
A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a v ...

oval:org.secpod.oval:def:42011
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to ...

oval:org.secpod.oval:def:1600686
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability

oval:org.secpod.oval:def:42018
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42021
A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the ...

oval:org.secpod.oval:def:41757
The operating system installed on the system is Microsoft Windows Server 2016.

oval:org.secpod.oval:def:41651
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:39773
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39774
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39775
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39770
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39771
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39772
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39764
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39768
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39769
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39761
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:40433
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.This vulnerability by itself does not allow arbit ...

oval:org.secpod.oval:def:41647
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:42013
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42014
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42019
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42020
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:41213
An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.A remote unauthenticated ...

oval:org.secpod.oval:def:41217
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:41216
A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files.Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. In an email attack scenario, an attacker could exploit th ...

oval:org.secpod.oval:def:42319
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:42320
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:42325
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the ...

oval:org.secpod.oval:def:42324
An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, the attacker could send specially crafted m ...

oval:org.secpod.oval:def:42323
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:42322
A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; ...

oval:org.secpod.oval:def:42329
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ...

oval:org.secpod.oval:def:42327
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to sen ...

oval:org.secpod.oval:def:42339
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by r ...

oval:org.secpod.oval:def:42338
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:42343
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:42342
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ...

oval:org.secpod.oval:def:42341
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:42340
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. To exploit ...

oval:org.secpod.oval:def:40442
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:41652
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:40448
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:40445
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ...

oval:org.secpod.oval:def:40451
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40452
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40453
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:41203
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ...

oval:org.secpod.oval:def:41200
A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.To exploit this vulnerabil ...

oval:org.secpod.oval:def:41201
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41206
An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and explo ...

oval:org.secpod.oval:def:41207
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41204
An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to ...

oval:org.secpod.oval:def:41205
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:41208
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:40883
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40884
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40881
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:39776
A security feature bypass vulnerability exists when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests. To exploit this vulnerability, an attacker could run a specially crafted application and attempt to brute-force an account password. An attacker who successfully ex ...

oval:org.secpod.oval:def:40887
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40888
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:39779
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:40885
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40886
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40889
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40890
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40891
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40892
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40898
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially craftedPDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.To exploit the vulnerability, an attacker must entice the u ...

oval:org.secpod.oval:def:40899
A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are synchronized the first time when a user logs ...

oval:org.secpod.oval:def:41995
A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted s ...

oval:org.secpod.oval:def:41999
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:41998
A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ...

oval:org.secpod.oval:def:41997
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:41642
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:41643
A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit ...

oval:org.secpod.oval:def:41640
A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets.An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive.A remote unauthenticated attacker could exploit this vulnerability by sending a ...

oval:org.secpod.oval:def:41641
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system.An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, ...

oval:org.secpod.oval:def:40434
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. Th ...

oval:org.secpod.oval:def:41644
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:40435
An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and hav ...

oval:org.secpod.oval:def:41645
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:40439
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to d ...

oval:org.secpod.oval:def:41650
This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system funct ...

oval:org.secpod.oval:def:40879
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:39780
A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ...

oval:org.secpod.oval:def:39781
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ...

oval:org.secpod.oval:def:39782
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ...

oval:org.secpod.oval:def:39783
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:40880
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:40921
A denial of service vulnerability exists in Microsoft Windows when an unauthenticated attacker sends a specially crafted kernel mode request.An attacker who successfully exploited this vulnerability could cause a denial of service on the target system, causing the machine to either stop responding o ...

oval:org.secpod.oval:def:40925
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ...

oval:org.secpod.oval:def:40926
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:40927
An information disclosure vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability,an attacker could send specially crafted SMB messages to ...

oval:org.secpod.oval:def:40957
A remote code execution vulnerability exists in Microsoft Windows, Microsoft Word 2013 and Microsoft Word 2016 if a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.To exploit th ...

oval:org.secpod.oval:def:39840
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ...

oval:org.secpod.oval:def:39841
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacke ...

oval:org.secpod.oval:def:39842
An elevation of privilege vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. The vulnerabi ...

oval:org.secpod.oval:def:39838
An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated; In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller. An attacker who successful ...

oval:org.secpod.oval:def:39839
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:40902
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.To exploit the vulnerabili ...

oval:org.secpod.oval:def:40903
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially craftedPDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user.To exploit the vulnerability, an attacker would have to trick the user into ...

oval:org.secpod.oval:def:40900
An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who s ...

oval:org.secpod.oval:def:40901
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ...

oval:org.secpod.oval:def:40904
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ...

oval:org.secpod.oval:def:40908
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40909
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40913
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40914
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40912
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40918
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40916
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40919
A security feature bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication.To exploit this vulnerability, an attacker could run a specially cra ...

oval:org.secpod.oval:def:41198
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41199
An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker could create ...

oval:org.secpod.oval:def:42057
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:42056
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:42058
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ...

oval:org.secpod.oval:def:42347
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attac ...

oval:org.secpod.oval:def:42346
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:42345
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:42344
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:41147
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability ...

oval:org.secpod.oval:def:41148
An Elevation of Privilege vulnerability exists when the Windows Graphics component improperly initializes contents in memory.An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or cr ...

oval:org.secpod.oval:def:41267
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41149
An information disclosure vulnerability exists when DirectX improperly handles objects in memory.An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:42002
A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ...

oval:org.secpod.oval:def:41276
A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be ...

oval:org.secpod.oval:def:42000
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:41279
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration ...

oval:org.secpod.oval:def:41277
An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration. ...

oval:org.secpod.oval:def:41278
A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.In an attack scenario, an attacker could execute malicious code in a PowerShell remote session. ...

oval:org.secpod.oval:def:42003
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker wou ...

oval:org.secpod.oval:def:42008
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it cou ...

oval:org.secpod.oval:def:42007
An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel ...

oval:org.secpod.oval:def:41165
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:42010
A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ...

oval:org.secpod.oval:def:42015
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability ...

oval:org.secpod.oval:def:41107
The host is missing security update for KB4022722

oval:org.secpod.oval:def:41105
The host is missing security update for KB4022717

oval:org.secpod.oval:def:41106
The host is missing security update for KB4022718

oval:org.secpod.oval:def:40936
The host is missing security update for KB4022724

oval:org.secpod.oval:def:40933
The host is missing security update for KB4022714

oval:org.secpod.oval:def:40934
The host is missing security update for KB4022715

oval:org.secpod.oval:def:40939
The host is missing security update for KB4022727

oval:org.secpod.oval:def:40937
The host is missing security update for KB4022725

oval:org.secpod.oval:def:40938
The host is missing security update for KB4022726

oval:org.secpod.oval:def:40941
The host is missing security update for KB4022884

oval:org.secpod.oval:def:41026
The host is missing security update for KB3191837

oval:org.secpod.oval:def:41027
The host is missing security update for KB3191844

oval:org.secpod.oval:def:41039
The host is missing security update for KB3203382

oval:org.secpod.oval:def:41040
The host is missing security update for KB4023307

oval:org.secpod.oval:def:42351
The host is missing a security update 4042895

oval:org.secpod.oval:def:42356
The host is missing a security update 4041689

oval:org.secpod.oval:def:42355
The host is missing a security update 4041691

oval:org.secpod.oval:def:42360
The host is missing a security update 4041676

oval:org.secpod.oval:def:42724
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42723
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:42728
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42738
The host is missing a security update 4048970

oval:org.secpod.oval:def:42743
The host is missing a security update 4048959

oval:org.secpod.oval:def:42741
The host is missing a security update 4048955

oval:org.secpod.oval:def:42747
The host is missing a security update 4048961

oval:org.secpod.oval:def:42746
The host is missing a security update 4048954

oval:org.secpod.oval:def:42745
The host is missing a security update 4048960

oval:org.secpod.oval:def:42749
The host is missing a security update 4048957

oval:org.secpod.oval:def:42748
The host is missing a security update 4048962

oval:org.secpod.oval:def:42750
The host is missing a security update 4048956

oval:org.secpod.oval:def:42752
The host is missing a security update 4048952

oval:org.secpod.oval:def:42751
The host is missing a security update 4048953

oval:org.secpod.oval:def:42717
A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. To exploit the vulnerability, the attacker could send specially crafted messages to th ...

oval:org.secpod.oval:def:42736
The host is missing a security update 4047211

oval:org.secpod.oval:def:42737
The host is missing a security update 4048958

oval:org.secpod.oval:def:42726
A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ...

oval:org.secpod.oval:def:41242
The host is missing a security update KB4025338

oval:org.secpod.oval:def:41243
The host is missing a security update KB4025339

oval:org.secpod.oval:def:41249
The host is missing a security update KB4025344

oval:org.secpod.oval:def:41252
The host is missing a security update KB4025342

CVE    217
CVE-2016-7212
CVE-2016-7221
CVE-2016-7215
CVE-2016-7214
...
*CPE
cpe:/o:microsoft:windows_server_2016
XCCDF    3
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016

© 2013 SecPod Technologies