Threat Advisories - NVD Disclosed May 9, 2018

CVE-2018-8174

Microsoft Windows VBScript Engine Remote Code Execution Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the VBScript engine allowed for remote code execution on affected Windows systems. This could enable attackers to gain unauthorized access and control, impacting systems, data, and business operations. The realistic business risk involves potential system compromise through user interaction with mali

NVD published: May 9, 2018 • CISA KEV

CVE advisoryKnown Exploit

CVE-2018-8120

Windows Win32k Elevation of Privilege Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Windows Win32k component allows for privilege escalation by an attacker with local access. This could impact system integrity and data confidentiality. Affected organizations include those using Windows 7 and Windows Server 2008.

NVD published: May 9, 2018 • CISA KEV

CVE advisoryKnown Exploit

CVE-2018-0824

Microsoft Windows COM Remote Code Execution Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A remote code execution vulnerability exists in Microsoft COM for Windows. This impacts multiple Windows operating systems and could allow attackers to execute arbitrary code, leading to data compromise and service disruption. The realistic business risk includes unauthorized system control and potential data breaches.

NVD published: May 9, 2018 • CISA KEV