CVSS Base Vector:
This host is missing a critical security
update according to Microsoft KB4520010
Checks if a vulnerable version is present
on the target host.
Multiple flaws exists due to,
- Microsoft Browsers does not properly parse HTTP content.
- Microsoft XML Core Services MSXML parser improperly processes user input.
- VBScript engine improperly handles objects in memory.
- Windows Imaging API improperly handles objects in memory.
- The 'umpo.dll' of the Power Service, improperly handles a Registry Restore
- Windows improperly handles hard link.
- Windows Error Reporting manager improperly handles hard links.
- Windows CloudStore improperly handles file Discretionary Access Control List
- Windows Jet Database Engine improperly handles objects in memory.
For more information about the vulnerabilities refer Reference links.
Successful exploitation will allow an attacker
to run arbitrary code on the client machine, bypass security restrictions,
elevate privileges and read privileged data across trust boundaries, create a
denial of service condition and conduct spoofing attack.
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
The vendor has released updates. Please see
the references for more information.