Microsoft CVE-2018-0942: Internet Explorer Elevation of Privilege Vulnerability
Description
An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The update addresses the vulnerability by correcting how Internet Explorer handles zone and integrity settings.
Solution(s)
- msft-kb4088779-48dd1136-48ee-44c7-a573-868521eccff4
- msft-kb4088779-c19a8868-ac70-44b1-9b6f-2d4dc02cf9ba
- msft-kb4088782-4c26f4d6-719a-484d-b39e-e05f7b8f92b0
- msft-kb4088782-f6e16c94-5afc-4df9-9970-2d4ca233b263
- msft-kb4088786-beebacd8-b2b4-4dd0-94b4-9e3d6252b7f0
- msft-kb4088786-d8280f8b-2c0a-4543-99a8-8e72f83c84dd
- msft-kb4088787-5dc25e3e-31b9-4ac7-b1b7-a62a9821390d
- msft-kb4088787-b28a900c-61a0-4362-8df4-e1ecc7caa389
- msft-kb4088787-c4fe9ff8-acd4-405b-91b5-334daf81ae00
- msft-kb4096040-2eec940e-d50c-45d1-aed4-cfe6d3d831ea
- msft-kb4096040-3af42ab1-13ed-42b5-9e4e-a841a71e7f2c
- msft-kb4096040-4101df83-df0e-4c76-80e3-83aea3c9e7db
- msft-kb4096040-b4ed46c5-dbf5-4dc0-924d-0684e1846c53
- msft-kb4096040-be3cdb55-862c-4362-b015-894e381e07f9
- msft-kb4089187-13297a5b-e08e-452b-ad5e-0dd1554336e5
- msft-kb4089187-33d88d8b-59f7-4b0a-a17c-cb19048fe543
- msft-kb4089187-3983c774-8f83-4c5f-ac83-d9adef0e4689
- msft-kb4089187-4280269c-cbc0-49df-ad87-7afefe312b0c
- msft-kb4089187-59bedce4-62a3-4efb-abe1-6da5b2b66231
- msft-kb4089187-5f5d114c-aff6-48ed-b895-b84bbf4232a0
- msft-kb4089187-5fe1b7c5-8bd5-41d1-82df-3d678a3becee
- msft-kb4089187-689f6db0-db61-4489-8b23-26cd86faf5f5
- msft-kb4089187-819dd834-ee9f-41a2-91c2-cacdb300b795
- msft-kb4089187-8f61da4b-31a0-4145-b0f5-6802ce44f96a
- msft-kb4089187-a94c4afc-e4c6-4ed2-ba67-52dc1a5ea64d
- msft-kb4089187-d26eb37f-c1b7-433d-91ee-afe62721a33d
- msft-kb4089187-f131e5c8-396c-4fe8-b896-fbdf4d36735b
- msft-kb4089187-fd82da1e-c832-4539-be1f-7ee3c383f244
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center