Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2018-0748 | Improper Privilege Management vulnerability in Microsoft products The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | 7.8 |
| 2018-01-04 | CVE-2018-0744 | Unspecified vulnerability in Microsoft products The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | 7.0 |
| 2018-01-04 | CVE-2018-0743 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". | 7.0 |
| 2017-12-12 | CVE-2017-11936 | Improper Input Validation vulnerability in Microsoft Sharepoint Enterprise Server 2016 Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 8.8 |
| 2017-12-12 | CVE-2017-11935 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2016 Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | 7.8 |
| 2017-12-12 | CVE-2017-11932 | Improper Input Validation vulnerability in Microsoft Exchange Server 2016 Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | 8.1 |
| 2017-12-12 | CVE-2017-11930 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Internet Explorer ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
| 2017-12-12 | CVE-2017-11918 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
| 2017-12-12 | CVE-2017-11916 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |
| 2017-12-12 | CVE-2017-11914 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.5 |