安全研究
综述
微软于周二发布了10月安全更新补丁,修复了61个从简单的欺骗攻击到远程执行代码的安全问题,产品涉及Azure、Internet Explorer、Microsoft Browsers、Microsoft Devices、Microsoft Dynamics、Microsoft Edge、Microsoft Graphics Component、Microsoft JET Database Engine、Microsoft Office、Microsoft Office SharePoint、Microsoft sc
相关信息如下:
产品 |
CVE编号 |
CVE标题 |
严重程度 |
Azure |
CVE-2019-1372 |
Azure App Service远程代码执行漏洞 |
Critical |
Internet Explorer |
CVE-2019-1371 |
Internet Explorer内存破坏漏洞 |
Important |
Microsoft Browsers |
CVE-2019-0608 |
Microsoft Browser欺骗漏洞 |
Important |
Microsoft Browsers |
CVE-2019-1357 |
Microsoft Browser欺骗漏洞 |
Important |
Microsoft Devices |
CVE-2019-1314 |
Windows 10 Mobile安全功能绕过漏洞 |
Important |
Microsoft Dynamics |
CVE-2019-1375 |
Microsoft Dynamics 365 (On-Premise)
Cross Site sc |
Important |
Microsoft Edge |
CVE-2019-1356 |
Microsoft Edge based on Edge HTML信息泄露漏洞 |
Important |
Microsoft Graphics Component |
CVE-2019-1361 |
Microsoft Graphics Components信息泄露漏洞 |
Important |
Microsoft Graphics Component |
CVE-2019-1362 |
Win32k特权提升漏洞 |
Important |
Microsoft Graphics Component |
CVE-2019-1363 |
Windows GDI信息泄露漏洞 |
Important |
Microsoft Graphics Component |
CVE-2019-1364 |
Win32k特权提升漏洞 |
Important |
Microsoft JET Database Engine |
CVE-2019-1358 |
Jet Database Engine远程代码执行漏洞 |
Important |
Microsoft JET Database Engine |
CVE-2019-1359 |
Jet Database Engine远程代码执行漏洞 |
Important |
Microsoft Office |
CVE-2019-1327 |
Microsoft Excel远程代码执行漏洞 |
Important |
Microsoft Office |
CVE-2019-1331 |
Microsoft Excel远程代码执行漏洞 |
Important |
Microsoft Office SharePoint |
CVE-2019-1070 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
Microsoft Office SharePoint |
CVE-2019-1328 |
Microsoft SharePoint欺骗漏洞 |
Important |
Microsoft Office SharePoint |
CVE-2019-1329 |
Microsoft SharePoint特权提升漏洞 |
Important |
Microsoft Office SharePoint |
CVE-2019-1330 |
Microsoft SharePoint特权提升漏洞 |
Important |
Microsoft
sc |
CVE-2019-1060 |
MS XML远程代码执行漏洞 |
Critical |
Microsoft
sc |
CVE-2019-1307 |
Chakra
sc |
Critical |
Microsoft
sc |
CVE-2019-1308 |
Chakra sc |
Critical |
Microsoft
sc |
CVE-2019-1238 |
vb |
Critical |
Microsoft
sc |
CVE-2019-1239 |
vb |
Critical |
Microsoft
sc |
CVE-2019-1335 |
Chakra
sc |
Critical |
Microsoft
sc |
CVE-2019-1366 |
Chakra sc |
Critical |
Microsoft Windows |
CVE-2019-1341 |
Windows Power Service特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1342 |
Windows Error Reporting Manager特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1344 |
Windows Code Integrity Module信息泄露漏洞 |
Important |
Microsoft Windows |
CVE-2019-1346 |
Windows拒绝服务漏洞 |
Important |
Microsoft Windows |
CVE-2019-1347 |
Windows拒绝服务漏洞 |
Important |
Microsoft Windows |
CVE-2019-1311 |
Windows Imaging API远程代码执行漏洞 |
Important |
Microsoft Windows |
CVE-2019-1315 |
Windows Error Reporting Manager特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1316 |
Microsoft Windows Setup特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1317 |
Microsoft Windows拒绝服务漏洞 |
Important |
Microsoft Windows |
CVE-2019-1318 |
Microsoft Windows Transport Layer Security欺骗漏洞 |
Important |
Microsoft Windows |
CVE-2019-1319 |
Windows Error Reporting特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1320 |
Microsoft Windows特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1321 |
Microsoft Windows CloudStore特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1322 |
Microsoft Windows特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1325 |
Windows Redirected Drive Buffering System特权提升漏洞 |
Moderate |
Microsoft Windows |
CVE-2019-1338 |
Windows NTLM安全功能绕过漏洞 |
Important |
Microsoft Windows |
CVE-2019-1339 |
Windows Error Reporting Manager特权提升漏洞 |
Important |
Microsoft Windows |
CVE-2019-1340 |
Microsoft Windows特权提升漏洞 |
Important |
Open Source Software |
CVE-2019-1369 |
Open Enclave SDK信息泄露漏洞 |
Important |
Secure Boot |
CVE-2019-1368 |
Windows Secure Boot安全功能绕过漏洞 |
Important |
Servicing Stack Updates |
ADV990001 |
Latest Servicing Stack Updates |
Critical |
SQL Server |
CVE-2019-1313 |
SQL Server Management Studio信息泄露漏洞 |
Important |
SQL Server |
CVE-2019-1376 |
SQL Server Management Studio信息泄露漏洞 |
Important |
Windows Hyper-V |
CVE-2019-1230 |
Hyper-V信息泄露漏洞 |
Important |
Windows IIS |
CVE-2019-1365 |
Microsoft IIS Server特权提升漏洞 |
Important |
Windows Installer |
CVE-2019-1378 |
Windows 10 Update Assistant特权提升漏洞 |
Important |
Windows Kernel |
CVE-2019-1343 |
Windows拒绝服务漏洞 |
Important |
Windows Kernel |
CVE-2019-1345 |
Windows Kernel信息泄露漏洞 |
Important |
Windows Kernel |
CVE-2019-1334 |
Windows Kernel信息泄露漏洞 |
Important |
Windows NTLM |
CVE-2019-1166 |
Windows NTLM Tampering Vulnerability |
Important |
Windows RDP |
CVE-2019-1326 |
Windows Remote Desktop Protocol (RDP)拒绝服务漏洞 |
Important |
Windows RDP |
CVE-2019-1333 |
Remote Desktop Client远程代码执行漏洞 |
Critical |
Windows Update Stack |
CVE-2019-1323 |
Microsoft Windows Update Client特权提升漏洞 |
Important |
Windows Update Stack |
CVE-2019-1336 |
Microsoft Windows Update Client特权提升漏洞 |
Important |
Windows Update Stack |
CVE-2019-1337 |
Windows Update Client信息泄露漏洞 |
Important |
修复建议
微软官方已经发布更新补丁,请及时进行补丁更新。
附件
ADV990001 - Latest Servicing Stack Updates
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
||||||||||||||||||||||||||||||||||||
ADV990001 |
CVE
Title:Latest Servicing Stack Updates This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
1. Why are all of the Servicing Stack Updates (SSU) critical updates? The SSUs are classified as Critical updates. This does not indicate that there is a critical vulnerability being addressed in the update. 2. When was the most recent SSU released for each version of Microsoft Windows? Please refer to the following table for the most recent SSU release. We will update the entries any time a new SSU is released:
A Servicing Stack Update has been released for Windows Server 2008 and Windows Server 2008 (Server Core installation); Windows 10 version 1809 Windows Server 2019 and Windows Server 2019 (Server Core installation). See the FAQ section for more inion. 5.0 02/12/2019 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1607 Windows Server 2016 and Windows Server 2016 (Server Core installation); Windows 10 Version 1703; Windows 10 Version 1709 and Windows Server version 1709 (Server Core Installation); Windows 10 Version 1803 and Windows Server version 1803 (Server Core Installation). See the FAQ section for more inion. 11.0 07/09/2019 07:00:00 A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019) Windows 8.1 Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more inion. 5.2 02/14/2019 08:00:00 In the Security Updates table corrected the Servicing Stack Update (SSU) for Windows 10 Version 1803 for x64-based Systems to 4485449. This is an inional change only. 12.0 07/24/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more inion. 3.0 12/11/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1709 Windows Server version 1709 (Server Core Installation) Windows 10 Version 1803 and Windows Server version 1803 (Server Core Installation). See the FAQ section for more inion. 6.0 03/12/2019 07:00:00 A Servicing Stack Update has been released for Windows 7 and Windows Server 2008 R2 and Windows Server 2008 R2 (Server Core installation). See the FAQ section for more inion. 9.0 06/11/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1607 Windows Server 2016 Windows 10 version 1809 and Windows Server 2019. See the FAQ section for more inion. 8.0 05/14/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1507 Windows 10 version 1607 Windows Server 2016 Windows 10 version 1703 Windows 10 version 1709 Windows Server version 1709 Windows 10 version 1803 Windows Server version 1803 Windows 10 version 1809 Windows Server 2019 Windows 10 version 1809 and Windows Server version 1809. See the FAQ section for more inion. 4.0 01/08/2019 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1703. See the FAQ section for more inion. 15.0 10/08/2019 07:00:00 A Servicing Stack Update has been released for all supported versions of Windows 10 (including Windows Server 2016 and 2019) Windows 8.1 Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more inion. 14.0 09/10/2019 07:00:00 A Servicing Stack Update has been released for all supported versions of Windows. See the FAQ section for more inion. 3.1 12/11/2018 08:00:00 Updated supersedence inion. This is an inional change only. 3.2 12/12/2018 08:00:00 Fixed a typo in the FAQ. 1.1 11/14/2018 08:00:00 Corrected the link to the Windows Server 2008 Servicing Stack Update. This is an inional change only. 1.0 11/13/2018 08:00:00 Inion published. 2.0 12/05/2018 08:00:00 A Servicing Stack Update has been released for Windows 10 Version 1809 and Windows Server 2019. See the FAQ section for more inion. 1.2 12/03/2018 08:00:00 FAQs have been added to further explain Security Stack Updates. The FAQs include a table that indicates the most recent SSU release for each Windows version. This is an inional change only. 13.0 07/26/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server version 1903 (Server Core installation). See the FAQ section for more inion. 5.1 02/13/2019 08:00:00 In the Security Updates table corrected the Servicing Stack Update (SSU) for Windows 10 Version 1809 for x64-based Systems to 4470788. This is an inional change only. 10.0 06/14/2019 07:00:00 A Servicing Stack Update has been released for Windows 10 version 1903 and Windows Server version 1903 (Server Core installation). See the FAQ section for more inion. |
Critical |
Defense in Depth |
Affected Software
The following tables list the affected software details for the vulnerability.
ADV990001 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4516655 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 7 for x64-based Systems Service Pack 1 |
4516655 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4516655 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4516655 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4516655 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4517134 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2012 |
4512939 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2012 (Server Core installation) |
4512939 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 8.1 for 32-bit systems |
4512938 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 8.1 for x64-based systems |
4512938 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2012 R2 |
4512938 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2012 R2 (Server Core installation) |
4512938 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 for 32-bit Systems |
4521856 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 for x64-based Systems |
4521856 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2016 |
4521858 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1607 for 32-bit Systems |
4521858 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1607 for x64-based Systems |
4521858 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2016 (Server Core installation) |
4521858 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1703 for 32-bit Systems |
4521859 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1703 for x64-based Systems |
4521859 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1709 for 32-bit Systems |
4521860 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1709 for x64-based Systems |
4521860 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1803 for 32-bit Systems |
4521861 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1803 for x64-based Systems |
4521861 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server version 1803 (Server Core Installation) |
4521861 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1803 for ARM64-based Systems |
4521861 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1809 for 32-bit Systems |
4521862 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1809 for x64-based Systems |
4521862 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1809 for ARM64-based Systems |
4521862 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2019 |
4521862 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2019 (Server Core installation) |
4521862 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1709 for ARM64-based Systems |
4521860 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1903 for 32-bit Systems |
4521863 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1903 for x64-based Systems |
4521863 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows 10 Version 1903 for ARM64-based Systems |
4521863 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server version 1903 (Server Core installation) |
4521863 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4517134 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4517134 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 for x64-based Systems Service Pack 2 |
4517134 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
|
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4517134 Servicing Stack Update |
Critical |
Defense in Depth |
Base:
N/A |
Yes |
CVE-2019-0608 - Microsoft Browser Spoofing Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-0608 |
CVE
Title:Microsoft Browser Spoofing Vulnerability A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability the user must click a specially crafted URL. In an email attack scenario an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website typically by way of enticement in an email or instant message and then convince the user to interact with content on the website. The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-0608 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 |
4519974 IE Cumulative |
Low |
Spoofing |
4516026 |
Base:
2.4 |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 |
4519974 IE Cumulative |
Low |
Spoofing |
4516026 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Spoofing |
4524157 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Spoofing |
4524157 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Low |
Spoofing |
4524157 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows Server 2012 |
4519974 IE Cumulative |
Low |
Spoofing |
4524135 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems |
4519974 IE Cumulative |
Important |
Spoofing |
4524156 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems |
4519974 IE Cumulative |
Important |
Spoofing |
4524156 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 |
4519974 IE Cumulative |
Low |
Spoofing |
4524156 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Spoofing |
4524156 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows Server 2016 |
4519998 Security Update |
Low |
Spoofing |
4524152 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows Server 2019 |
4519338 Security Update |
Low |
Spoofing |
4524148 |
Base:
2.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
Internet Explorer 10 on Windows Server 2012 |
4520007 Monthly Rollup |
Low |
Spoofing |
4524135 |
Base:
2.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Low |
Spoofing |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Low |
Spoofing |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
4.3 |
Yes |
CVE-2019-1060 - MS XML Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1060 |
CVE
Title:MS XML Remote Code Execution Vulnerability A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However an attacker would have no way to force a user to visit such a website. Instead an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content an attacker could run malicious code remotely to take control of the users system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1060 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows Server 2012 |
4519985 Security Only |
Critical |
Remote Code Execution |
4524154 |
Base:
6.4 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Critical |
Remote Code Execution |
4524154 |
Base:
6.4 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
6.4 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
6.4 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
N/A |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
N/A |
Yes |
Windows Server 2016 |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
N/A |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
N/A |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
N/A |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
N/A |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
N/A |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
N/A |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
N/A |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
N/A |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
N/A |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
N/A |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
N/A |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
N/A |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
6.4 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
6.4 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
N/A |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
N/A |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
N/A |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
N/A |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
N/A |
Yes |
CVE-2019-1070 - Microsoft Office SharePoint XSS Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1070 |
CVE
Title:Microsoft Office SharePoint XSS Vulnerability
A cross-site-sc
The attacker who successfully exploited the vulnerability
could then perform cross-site sc The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1070 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft SharePoint Foundation 2013 Service Pack 1 |
4484122 Security Update |
Important |
Spoofing |
4484098 |
Base:
N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 |
4484111 Security Update |
Important |
Spoofing |
4475590 |
Base:
N/A |
Maybe |
CVE-2019-1166 - Windows NTLM Tampering Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1166 |
CVE
Title:Windows NTLM Tampering Vulnerability A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side.
Inion published. |
Important |
Tampering |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1166 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Tampering |
4524157 |
Base:
5.9 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Tampering |
4524157 |
Base:
5.9 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Tampering |
4524157 |
Base:
5.9 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Tampering |
4524157 |
Base:
5.9 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Tampering |
4524157 |
Base:
5.9 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Tampering |
4516026 |
Base:
5.9 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Tampering |
4524154 |
Base:
5.9 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Tampering |
4524154 |
Base:
5.9 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Tampering |
4524156 |
Base:
5.9 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Tampering |
4524156 |
Base:
5.9 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Tampering |
4524156 |
Base:
5.9 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Tampering |
4524156 |
Base:
5.9 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Tampering |
4524156 |
Base:
5.9 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Tampering |
4524153 |
Base:
5.9 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Tampering |
4524153 |
Base:
5.9 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Tampering |
4524152 |
Base:
5.9 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Tampering |
4524152 |
Base:
5.9 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Tampering |
4524152 |
Base:
5.9 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Tampering |
4524152 |
Base:
5.9 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Tampering |
4524151 |
Base:
5.9 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Tampering |
4524151 |
Base:
5.9 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Tampering |
4524150 |
Base:
5.9 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Tampering |
4524150 |
Base:
5.9 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Tampering |
4524149 |
Base:
5.9 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Tampering |
4524149 |
Base:
5.9 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Tampering |
4524149 |
Base:
5.9 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Tampering |
4524149 |
Base:
5.9 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Tampering |
4524148 |
Base:
5.9 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Tampering |
4524148 |
Base:
5.9 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Tampering |
4524148 |
Base:
5.9 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Tampering |
4524148 |
Base:
5.9 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Tampering |
4524148 |
Base:
5.9 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Tampering |
4524150 |
Base:
5.9 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Tampering |
4524147 |
Base:
5.9 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Tampering |
4524147 |
Base:
5.9 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Tampering |
4524147 |
Base:
5.9 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Tampering |
4524147 |
Base:
5.9 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Tampering |
4516026 |
Base:
5.9 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Tampering |
4516026 |
Base:
5.9 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Tampering |
4516026 |
Base:
5.9 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Tampering |
4516026 |
Base:
5.9 |
Yes |
CVE-2019-1230 - Hyper-V Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1230 |
CVE
Title:Hyper-V Inion Disclosure Vulnerability An inion disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory inion. An attacker who successfully exploited the vulnerability could gain access to inion on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how the Windows Hyper-V Network Switch validates guest operating system user input.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1230 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
6.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
6.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
6.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
6.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
6.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
6.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
6.8 |
Yes |
CVE-2019-1238
- vbscript Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1238 |
CVE
Title:vb
A remote code execution vulnerability exists in the way
that the vb In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1238 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 |
4519974 IE Cumulative |
Moderate |
Remote Code Execution |
4516026 |
Base:
6.4 |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 |
4519974 IE Cumulative |
Moderate |
Remote Code Execution |
4516026 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 |
4519974 IE Cumulative |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Moderate |
Remote Code Execution |
4524157 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows Server 2012 |
4519974 IE Cumulative |
Moderate |
Remote Code Execution |
4524135 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems |
4519974 IE Cumulative |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems |
4519974 IE Cumulative |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 |
4519974 IE Cumulative |
Moderate |
Remote Code Execution |
4524156 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows RT 8.1 |
4520005 Monthly Rollup |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2016 |
4519998 Security Update |
Moderate |
Remote Code Execution |
4524152 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2019 |
4519338 Security Update |
Moderate |
Remote Code Execution |
4524148 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 10 on Windows Server 2012 |
4520007 Monthly Rollup |
Moderate |
Remote Code Execution |
4524135 |
Base:
6.4 |
Yes |
CVE-2019-1239
- vbscript Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1239 |
CVE
Title:vb
A remote code execution vulnerability exists in the way
that the vb In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1239 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2019 |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
6.4 |
Yes |
CVE-2019-1307
- Chakra scripting Engine Memory Corruption Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1307 |
CVE
Title:Chakra sc
A remote code execution vulnerability exists in the way
that the Chakra sc In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the Chakra sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1307 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Moderate |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Moderate |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
ChakraCore |
Release Notes Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
N/A |
Maybe |
CVE-2019-1308
- Chakra scripting Engine Memory Corruption Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1308 |
CVE
Title:Chakra sc
A remote code execution vulnerability exists in the way
that the Chakra sc In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the Chakra sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1308 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Moderate |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Moderate |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
ChakraCore |
Release Notes Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Maybe |
CVE-2019-1311 - Windows Imaging API Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1311 |
CVE
Title:Windows Imaging API Remote Code Execution Vulnerability A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability an attacker would have to convince a user to open a specially crafted .WIM file. The update addresses the vulnerability by modifying how the WIM service handles objects in memory.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1311 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows Server 2012 |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
CVE-2019-1313 - SQL Server Management Studio Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1313 |
CVE
Title:SQL Server Management Studio Inion Disclosure Vulnerability An inion disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerability could gain additional database and file inion. The security update addresses the vulnerability by correcting how SQL Server Management Studio enforces permissions.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability relates to SQL table columns that would normally be restricted.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1313 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
SQL Server Management Studio 18.3 |
Release Notes Security Update |
Important |
Inion Disclosure |
Base:
N/A |
Maybe |
|
SQL Server Management Studio 18.3.1 |
Release Notes Security Update |
Important |
Inion Disclosure |
Base:
N/A |
Maybe |
CVE-2019-1314 - Windows 10 Mobile Security Feature Bypass Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1314 |
CVE
Title:Windows 10 Mobile Security Feature Bypass Vulnerability A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system. To exploit the vulnerability an attacker would require physical access and the phone would need to have Cortana assistance allowed from the lock screen.
Where do I find the update for Windows 10 Mobile? Microsoft is not planning on fixing this vulnerability in Windows 10 Mobile. Microsoft recommends implementing the workaround to restrict access to Cortana.
The following workaround can protect users from this vulnerability by disabling access to Cortana on the phone lock screen. This can be accomplished by following these steps:
Inion published. |
Important |
Security Feature Bypass |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1314 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Mobile |
Important |
Security Feature Bypass |
Base:
N/A |
CVE-2019-1315 - Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1315 |
CVE
Title:Windows Error Reporting Manager Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1315 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
CVE-2019-1316 - Microsoft Windows Setup Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1316 |
CVE
Title:Microsoft Windows Setup Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view change or delete data. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by enabling Windows Setup to properly handle user privileges.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1316 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.3 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.3 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.3 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.3 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.3 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.3 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.3 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.3 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.3 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.3 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.3 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.3 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.3 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.3 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.3 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.3 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.3 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.3 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.3 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.3 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.3 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.3 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.3 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.3 |
Yes |
CVE-2019-1317 - Microsoft Windows Denial of Service Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1317 |
CVE
Title:Microsoft Windows Denial of Service Vulnerability A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would allow an attacker to overwrite system files. The update addresses the vulnerability by correcting ACLs to system files.
Inion published. |
Important |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1317 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
6.4 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
6.4 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.4 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.4 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.4 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.4 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
6.4 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
6.4 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.4 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.4 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.4 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.4 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.4 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.4 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.4 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.4 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.4 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.4 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.4 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.4 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.4 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.4 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.4 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.4 |
Yes |
CVE-2019-1318 - Microsoft Windows Transport Layer Security Spoofing Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1318 |
CVE
Title:Microsoft Windows Transport Layer Security Spoofing Vulnerability A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized inion. To exploit the vulnerability an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS client and server establish and resume sessions with non-EMS peers.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1318 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Spoofing |
4524157 |
Base:
7.7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Spoofing |
4524157 |
Base:
7.7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Spoofing |
4524157 |
Base:
7.7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Spoofing |
4524157 |
Base:
7.7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Spoofing |
4524157 |
Base:
7.7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Spoofing |
4516026 |
Base:
7.7 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Spoofing |
4524154 |
Base:
7.7 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Spoofing |
4524154 |
Base:
7.7 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Spoofing |
4524156 |
Base:
7.7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Spoofing |
4524156 |
Base:
7.7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Spoofing |
4524156 |
Base:
7.7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Spoofing |
4524156 |
Base:
7.7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Spoofing |
4524156 |
Base:
7.7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
7.7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
7.7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
7.7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
7.7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
7.7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
7.7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
7.7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
7.7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
7.7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
7.7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
7.7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
7.7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
7.7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
7.7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
7.7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
7.7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
7.7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
7.7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
7.7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
7.7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
7.7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
7.7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
7.7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
7.7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Spoofing |
4516026 |
Base:
7.7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Spoofing |
4516026 |
Base:
7.7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Spoofing |
4516026 |
Base:
7.7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Spoofing |
4516026 |
Base:
7.7 |
Yes |
CVE-2019-1319 - Windows Error Reporting Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1319 |
CVE
Title:Windows Error Reporting Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive inion and system functionality. To exploit the vulnerability an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1319 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
CVE-2019-1320 - Microsoft Windows Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1320 |
CVE
Title:Microsoft Windows Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1320 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
CVE-2019-1321 - Microsoft Windows CloudStore Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1321 |
CVE
Title:Microsoft Windows CloudStore Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL). An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows CloudStore handles DACLs.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1321 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
5.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
5.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
5.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
5.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
5.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
5.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
5.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
5.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
5.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
5.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
5.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
5.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
5.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
5.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
5.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
5.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
5.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
5.8 |
Yes |
CVE-2019-1322 - Microsoft Windows Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1322 |
CVE
Title:Microsoft Windows Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1322 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
CVE-2019-1323 - Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1323 |
CVE
Title:Microsoft Windows Update Client Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view change or delete data. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by enabling the Windows Update client to properly handle user privileges.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1323 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
CVE-2019-1325 - Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1325 |
CVE
Title:Windows Redirected Drive Buffering System Elevation of Privilege
Vulnerability An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a denial of service but not an elevation of privilege. To exploit this vulnerability a low-level authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how rdbss.sys handles these local calls.
Inion published. |
Moderate |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1325 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Moderate |
Denial of Service |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Moderate |
Denial of Service |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Moderate |
Denial of Service |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Moderate |
Denial of Service |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Moderate |
Denial of Service |
4524154 |
Base:
5.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Moderate |
Denial of Service |
4524154 |
Base:
5.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Moderate |
Denial of Service |
4524156 |
Base:
5.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Moderate |
Denial of Service |
4524156 |
Base:
5.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Moderate |
Denial of Service |
4524156 |
Base:
5.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Moderate |
Denial of Service |
4524156 |
Base:
5.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Moderate |
Denial of Service |
4524156 |
Base:
5.5 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Moderate |
Denial of Service |
4524153 |
Base:
5.5 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Moderate |
Denial of Service |
4524153 |
Base:
5.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Moderate |
Denial of Service |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Moderate |
Denial of Service |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Moderate |
Denial of Service |
4524152 |
Base:
5.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Moderate |
Denial of Service |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Moderate |
Denial of Service |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Moderate |
Denial of Service |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Moderate |
Denial of Service |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Moderate |
Denial of Service |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Moderate |
Denial of Service |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Moderate |
Denial of Service |
4524149 |
Base:
5.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Moderate |
Denial of Service |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Moderate |
Denial of Service |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Moderate |
Denial of Service |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Moderate |
Denial of Service |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Moderate |
Denial of Service |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Moderate |
Denial of Service |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Moderate |
Denial of Service |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Moderate |
Denial of Service |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Moderate |
Denial of Service |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Moderate |
Denial of Service |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Moderate |
Denial of Service |
4524147 |
Base:
5.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Moderate |
Denial of Service |
4524147 |
Base:
5.5 |
Yes |
CVE-2019-1326 - Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1326 |
CVE
Title:Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests.
Inion published. |
Important |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1326 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Denial of Service |
4524157 |
Base:
7.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
7.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
7.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
7.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
7.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Denial of Service |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
7.5 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
7.5 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
7.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
7.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
7.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
7.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
7.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
7.5 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
7.5 |
Yes |
CVE-2019-1327 - Microsoft Excel Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1327 |
CVE
Title:Microsoft Excel Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights an attacker could take control of the affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead an attacker would have to convince users to click a link typically by way of an enticement in an email or instant message and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1327 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) |
4484130 Security Update |
Important |
Remote Code Execution |
4475574 |
Base:
N/A |
Maybe |
Microsoft Excel 2010 Service Pack 2 (64-bit editions) |
4484130 Security Update |
Important |
Remote Code Execution |
4475574 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 RT Service Pack 1 |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Office 2016 for Mac |
Release Notes Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
No |
Microsoft Excel 2016 (32-bit edition) |
4484112 Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
Maybe |
Microsoft Excel 2016 (64-bit edition) |
4484112 Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions |
Click to Run Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
No |
Microsoft Office 2019 for 64-bit editions |
Click to Run Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
No |
Microsoft Office 2019 for Mac |
Release Notes Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
No |
Office 365 ProPlus for 32-bit Systems |
Click to Run Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
No |
Office 365 ProPlus for 64-bit Systems |
Click to Run Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
No |
CVE-2019-1328 - Microsoft SharePoint Spoofing Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1328 |
CVE
Title:Microsoft SharePoint Spoofing Vulnerability A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability
could then perform cross-site sc The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1328 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft SharePoint Foundation 2010 Service Pack 2 |
4484131 Security Update |
Important |
Spoofing |
4475605 |
Base:
N/A |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 |
4484122 Security Update |
Important |
Spoofing |
4484098 |
Base:
N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 |
4484111 Security Update |
Important |
Spoofing |
4475590 |
Base:
N/A |
Maybe |
CVE-2019-1329 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1329 |
CVE
Title:Microsoft SharePoint Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability
could then perform cross-site sc The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1329 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft SharePoint Foundation 2010 Service Pack 2 |
4484131 Security Update |
Important |
Elevation of Privilege |
4475605 |
Base:
N/A |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 |
4484122 Security Update |
Important |
Elevation of Privilege |
4484098 |
Base:
N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 |
4484111 Security Update |
Important |
Elevation of Privilege |
4475590 |
Base:
N/A |
Maybe |
CVE-2019-1330 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1330 |
CVE
Title:Microsoft SharePoint Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability an authenticated attacker would send a specially crafted request to an affected server thereby allowing the impersonation of another SharePoint user. The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1330 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft SharePoint Foundation 2013 Service Pack 1 |
4475608 Security Update |
Important |
Elevation of Privilege |
4475557 |
Base:
N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 |
4484111 Security Update |
Important |
Elevation of Privilege |
4475590 |
Base:
N/A |
Maybe |
Microsoft SharePoint Server 2019 |
4484110 Security Update |
Important |
Elevation of Privilege |
4475596 |
Base:
N/A |
Maybe |
CVE-2019-1331 - Microsoft Excel Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1331 |
CVE
Title:Microsoft Excel Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights an attacker could take control of the affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead an attacker would have to convince users to click a link typically by way of an enticement in an email or instant message and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
Is the Preview Pane an attack vector for this vulnerability? No the Preview Pane is not an attack vector.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1331 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) |
4484130 Security Update |
Important |
Remote Code Execution |
4475574 |
Base:
N/A |
Maybe |
Microsoft Excel 2010 Service Pack 2 (64-bit editions) |
4484130 Security Update |
Important |
Remote Code Execution |
4475574 |
Base:
N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) |
4475569 Security Update |
Important |
Remote Code Execution |
4462224 |
Base:
N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) |
4475569 Security Update |
Important |
Remote Code Execution |
4462224 |
Base:
N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) |
4475558 Security Update |
Important |
Remote Code Execution |
4464543 |
Base:
N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) |
4475558 Security Update |
Important |
Remote Code Execution |
4464543 |
Base:
N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 |
4475558 Security Update |
Important |
Remote Code Execution |
4464543 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Excel 2013 RT Service Pack 1 |
4484123 Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
Maybe |
Microsoft Office 2016 for Mac |
Release Notes Security Update |
Important |
Remote Code Execution |
4475566 |
Base:
N/A |
No |
Microsoft Excel 2016 (32-bit edition) |
4484112 Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
Maybe |
Microsoft Excel 2016 (64-bit edition) |
4484112 Security Update |
Important |
Remote Code Execution |
4475579 |
Base:
N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) |
4475554 Security Update |
Important |
Remote Code Execution |
4461539 |
Base:
N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) |
4475554 Security Update |
Important |
Remote Code Execution |
4461539 |
Base:
N/A |
Maybe |
Office Online Server |
4475595 Security Update |
Important |
Remote Code Execution |
4475528 |
Base:
N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
4462215 Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
Maybe |
Microsoft Office 2019 for 32-bit editions |
Click to Run Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
No |
Microsoft Office 2019 for 64-bit editions |
Click to Run Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
No |
Microsoft Office 2019 for Mac |
Release Notes Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
No |
Office 365 ProPlus for 32-bit Systems |
Click to Run Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
No |
Office 365 ProPlus for 64-bit Systems |
Click to Run Security Update |
Important |
Remote Code Execution |
4022236 |
Base:
N/A |
No |
Excel Services on Microsoft SharePoint Server 2010 Service Pack 2 |
4462176 Security Update |
Important |
Remote Code Execution |
4461569 |
Base:
N/A |
Maybe |
CVE-2019-1333 - Remote Desktop Client Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1333 |
CVE
Title:Remote Desktop Client Remote Code Execution Vulnerability A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server they would need to trick the user into connecting via social engineering DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server host malicious code on it and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1333 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Critical |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Critical |
Remote Code Execution |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Critical |
Remote Code Execution |
4524154 |
Base:
7.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Critical |
Remote Code Execution |
4524154 |
Base:
7.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Critical |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Critical |
Remote Code Execution |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Critical |
Remote Code Execution |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Critical |
Remote Code Execution |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Critical |
Remote Code Execution |
4516026 |
Base:
7.5 |
Yes |
CVE-2019-1334 - Windows Kernel Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1334 |
CVE
Title:Windows Kernel Inion Disclosure Vulnerability An inion disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain inion to further compromise the users system. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly but it could be used to obtain inion that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1334 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
4.7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
4.7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
4.7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Inion Disclosure |
4524156 |
Base:
4.7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
4.7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Inion Disclosure |
4524153 |
Base:
4.7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Inion Disclosure |
4524153 |
Base:
4.7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
4.7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
4.7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.7 |
Yes |
CVE-2019-1335
- Chakra scripting Engine Memory Corruption Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1335 |
CVE
Title:Chakra sc
A remote code execution vulnerability exists in the way
that the Chakra sc In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the Chakra sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1335 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Moderate |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Moderate |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
ChakraCore |
Release Notes Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Maybe |
CVE-2019-1336 - Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1336 |
CVE
Title:Microsoft Windows Update Client Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view change or delete data. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by enabling the Windows Update client to properly handle user privileges.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1336 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
CVE-2019-1337 - Windows Update Client Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1337 |
CVE
Title:Windows Update Client Inion Disclosure Vulnerability An inion disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability an authenticated attacker could run a specially crafted application in user mode. The update addresses the vulnerability by correcting how the Windows Update Client handles objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1337 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
CVE-2019-1338 - Windows NTLM Security Feature Bypass Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1338 |
CVE
Title:Windows NTLM Security Feature Bypass Vulnerability A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability the attacker would need to be able to modify NTLM traffic exchange. The update addresses the vulnerability by hardening NTLMv2 protection on the server-side.
Inion published. |
Important |
Security Feature Bypass |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1338 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Security Feature Bypass |
4524157 |
Base:
5.3 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Security Feature Bypass |
4524157 |
Base:
5.3 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Security Feature Bypass |
4524157 |
Base:
5.3 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Security Feature Bypass |
4524157 |
Base:
5.3 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Security Feature Bypass |
4524157 |
Base:
5.3 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Security Feature Bypass |
4516026 |
Base:
5.3 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Security Feature Bypass |
4516026 |
Base:
5.3 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Security Feature Bypass |
4516026 |
Base:
5.3 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Security Feature Bypass |
4516026 |
Base:
5.3 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Security Feature Bypass |
4516026 |
Base:
5.3 |
Yes |
CVE-2019-1339 - Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1339 |
CVE
Title:Windows Error Reporting Manager Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1339 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
CVE-2019-1340 - Microsoft Windows Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1340 |
CVE
Title:Microsoft Windows Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Windows AppX Deployment Server to create files in arbitrary locations.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1340 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
CVE-2019-1341 - Windows Power Service Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1341 |
CVE
Title:Windows Power Service Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when umpo.dll of the Power Service improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how umpo.dll of the Power Service handles Registry Restore Key requests.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1341 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.8 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.8 |
Yes |
CVE-2019-1342 - Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1342 |
CVE
Title:Windows Error Reporting Manager Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles process crashes.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1342 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Elevation of Privilege |
4524153 |
Base:
7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Elevation of Privilege |
4524151 |
Base:
7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Elevation of Privilege |
4524150 |
Base:
7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
CVE-2019-1343 - Windows Denial of Service Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1343 |
CVE
Title:Windows Denial of Service Vulnerability A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Inion published. |
Important |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1343 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows Server 2012 |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
6.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
6.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
6.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
6.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
6.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Denial of Service |
4524156 |
Base:
6.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
6.5 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
6.5 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
6.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
6.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
6.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
6.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
6.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
6.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
6.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
6.5 |
Yes |
CVE-2019-1344 - Windows Code Integrity Module Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1344 |
CVE
Title:Windows Code Integrity Module Inion Disclosure Vulnerability An inion disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain inion to further compromise the users system. To exploit the vulnerability an attacker would have to log on to an affected system and run a specially crafted application or convince a target to run a crafted application. The security update addresses the vulnerability by modifying how the Code Integrity Module handles objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1344 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Inion Disclosure |
4516026 |
Base:
5.5 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Inion Disclosure |
4524154 |
Base:
5.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Inion Disclosure |
4524154 |
Base:
5.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
5.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
5.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
5.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Inion Disclosure |
4524156 |
Base:
5.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Inion Disclosure |
4524156 |
Base:
5.5 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Inion Disclosure |
4524153 |
Base:
5.5 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Inion Disclosure |
4524153 |
Base:
5.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Inion Disclosure |
4516026 |
Base:
5.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Inion Disclosure |
4516026 |
Base:
5.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Inion Disclosure |
4516026 |
Base:
5.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Inion Disclosure |
4516026 |
Base:
5.5 |
Yes |
CVE-2019-1345 - Windows Kernel Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1345 |
CVE
Title:Windows Kernel Inion Disclosure Vulnerability An inion disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain inion to further compromise the users system. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly but it could be used to obtain inion that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1345 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows Server 2016 |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
5.5 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
5.5 |
Yes |
CVE-2019-1346 - Windows Denial of Service Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1346 |
CVE
Title:Windows Denial of Service Vulnerability A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Inion published. |
Important |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1346 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Denial of Service |
4524157 |
Base:
5.7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
5.7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
5.7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
5.7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Denial of Service |
4524157 |
Base:
5.7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
5.7 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
5.7 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Denial of Service |
4524154 |
Base:
5.7 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
5.7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
5.7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
5.7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
5.7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
5.7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
5.7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Denial of Service |
4516026 |
Base:
5.7 |
Yes |
CVE-2019-1347 - Windows Denial of Service Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1347 |
CVE
Title:Windows Denial of Service Vulnerability A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Inion published. |
Important |
Denial of Service |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1347 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Denial of Service |
4524156 |
Base:
5.7 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
5.7 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Denial of Service |
4524153 |
Base:
5.7 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Denial of Service |
4524152 |
Base:
5.7 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
5.7 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Denial of Service |
4524151 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Denial of Service |
4524149 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Denial of Service |
4524148 |
Base:
5.7 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Denial of Service |
4524150 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Denial of Service |
4524147 |
Base:
5.7 |
Yes |
CVE-2019-1356 - Microsoft Edge based on Edge HTML Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1356 |
CVE
Title:Microsoft Edge based on Edge HTML Inion Disclosure Vulnerability An inion disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain inion to further compromise the users system. To exploit the vulnerability in a web-based attack scenario an attacker could host a website in an attempt to exploit the vulnerability. In addition compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead an attacker would have to convince a user to take action. For example an attacker could trick a user into clicking a link that takes the user to the attacker's site. The update addresses the vulnerability by modifying how Microsoft Edge based on Edge HTML handles objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability by escaping the sandbox is the ability to read local files.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1356 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Low |
Inion Disclosure |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Inion Disclosure |
4524152 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Inion Disclosure |
4524151 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Inion Disclosure |
4524149 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Inion Disclosure |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Low |
Inion Disclosure |
4524148 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Inion Disclosure |
4524150 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.3 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Inion Disclosure |
4524147 |
Base:
4.3 |
Yes |
CVE-2019-1357 - Microsoft Browser Spoofing Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1357 |
CVE
Title:Microsoft Browser Spoofing Vulnerability A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies. An attacker who successfully exploited this vulnerability could trick a browser into overwriting a secure cookie with an insecure cookie. The insecure cookie could serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability the user must either browse to a malicious website or be redirected to it. In an email attack scenario an attacker could send an email message in an attempt to convince the user to click a link to a malicious site. In a web-based attack scenario an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website typically by way of enticement in an email or instant message. The security update addresses the vulnerability by correcting how Microsoft Browsers handle browser cookies.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1357 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Spoofing |
4524157 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Spoofing |
4524157 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Low |
Spoofing |
4524157 |
Base:
3.5 |
Yes |
Internet Explorer 11 on Windows Server 2012 |
4519974 IE Cumulative |
Low |
Spoofing |
4524135 |
Base:
3.5 |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems |
4519974 IE Cumulative |
Important |
Spoofing |
4524156 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems |
4519974 IE Cumulative |
Important |
Spoofing |
4524156 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 |
4519974 IE Cumulative |
Low |
Spoofing |
4524156 |
Base:
3.5 |
Yes |
Internet Explorer 11 on Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Spoofing |
4524156 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Spoofing |
4524153 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows Server 2016 |
4519998 Security Update |
Low |
Spoofing |
4524152 |
Base:
3.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Spoofing |
4524152 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Spoofing |
4524151 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows Server 2019 |
4519338 Security Update |
Low |
Spoofing |
4524148 |
Base:
3.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Spoofing |
4524150 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
Internet Explorer 10 on Windows Server 2012 |
4520007 Monthly Rollup |
Low |
Spoofing |
4524135 |
Base:
3.5 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Spoofing |
4524149 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Important |
Spoofing |
4524148 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Spoofing |
4524147 |
Base:
5.4 |
Yes |
CVE-2019-1358 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1358 |
CVE
Title:Jet Database Engine Remote Code Execution Vulnerability A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Are Active Directory and Exchange Server affected by this vulnerability? No Active Directory and Exchange Server are not affected.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1358 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
CVE-2019-1359 - Jet Database Engine Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1359 |
CVE
Title:Jet Database Engine Remote Code Execution Vulnerability A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Are Active Directory and Exchange Server affected by this vulnerability? No Active Directory and Exchange Server are not affected.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1359 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Remote Code Execution |
4524157 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Remote Code Execution |
4524154 |
Base:
7.8 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Remote Code Execution |
4524156 |
Base:
7.8 |
Yes |
Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.8 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.8 |
Yes |
Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.8 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Remote Code Execution |
4516026 |
Base:
7.8 |
Yes |
CVE-2019-1361 - Microsoft Graphics Components Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1361 |
CVE
Title:Microsoft Graphics Components Inion Disclosure Vulnerability An inion disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain inion that could be useful for further exploitation. To exploit the vulnerability a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1361 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
CVE-2019-1362 - Win32k Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1362 |
CVE
Title:Win32k Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1362 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
CVE-2019-1363 - Windows GDI Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1363 |
CVE
Title:Windows GDI Inion Disclosure Vulnerability An inion disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory allowing an attacker to retrieve inion from a targeted system. By itself the inion disclosure does not allow arbitrary code execution; however it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI handles memory addresses.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1363 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Inion Disclosure |
4524157 |
Base:
5.5 |
Yes |
CVE-2019-1364 - Win32k Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1364 |
CVE
Title:Win32k Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1364 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7 |
Yes |
CVE-2019-1365 - Microsoft IIS Server Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1365 |
CVE
Title:Microsoft IIS Server Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1365 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 |
4520003 Security Only |
Important |
Elevation of Privilege |
4524157 |
Base:
7.5 |
Yes |
Windows 7 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519976 Monthly Rollup |
Important |
Elevation of Privilege |
4524157 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2012 |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.5 |
Yes |
Windows Server 2012 (Server Core installation) |
4519985 Security Only |
Important |
Elevation of Privilege |
4524154 |
Base:
7.5 |
Yes |
Windows 8.1 for 32-bit systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.5 |
Yes |
Windows 8.1 for x64-based systems |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.5 |
Yes |
Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Elevation of Privilege |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2012 R2 (Server Core installation) |
4519990 Security Only |
Important |
Elevation of Privilege |
4524156 |
Base:
7.5 |
Yes |
Windows Server 2016 |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.5 |
Yes |
Windows Server 2016 (Server Core installation) |
4519998 Security Update |
Important |
Elevation of Privilege |
4524152 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.5 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Elevation of Privilege |
4524149 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.5 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Elevation of Privilege |
4524148 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.5 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.5 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Elevation of Privilege |
4524147 |
Base:
7.5 |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.5 |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) |
4520002 Monthly Rollup |
Important |
Elevation of Privilege |
4516026 |
Base:
7.5 |
Yes |
CVE-2019-1366
- Chakra scripting Engine Memory Corruption Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1366 |
CVE
Title:Chakra sc
A remote code execution vulnerability exists in the way
that the Chakra sc In a web-based attack scenario an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by
modifying how the Chakra sc
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1366 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems |
4520011 Security Update |
Critical |
Remote Code Execution |
4524153 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 |
4519998 Security Update |
Moderate |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Critical |
Remote Code Execution |
4524152 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Critical |
Remote Code Execution |
4524151 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Critical |
Remote Code Execution |
4524149 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Critical |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 |
4519338 Security Update |
Moderate |
Remote Code Execution |
4524148 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Critical |
Remote Code Execution |
4524150 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Yes |
ChakraCore |
Release Notes Security Update |
Critical |
Remote Code Execution |
4524147 |
Base:
4.2 |
Maybe |
CVE-2019-1368 - Windows Secure Boot Security Feature Bypass Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1368 |
CVE
Title:Windows Secure Boot Security Feature Bypass Vulnerability A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. To exploit the vulnerability an attacker must gain physical access to the target system prior to the next system reboot. The security update addresses the vulnerability by preventing access to certain debugging options when Windows Secure Boot is enabled.
Inion published. |
Important |
Security Feature Bypass |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1368 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Security Feature Bypass |
4524149 |
Base:
4.9 |
Yes |
Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Security Feature Bypass |
4524149 |
Base:
4.9 |
Yes |
Windows Server version 1803 (Server Core Installation) |
4520008 Security Update |
Important |
Security Feature Bypass |
4524149 |
Base:
4.9 |
Yes |
Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Security Feature Bypass |
4524149 |
Base:
4.9 |
Yes |
Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Security Feature Bypass |
4524148 |
Base:
4.9 |
Yes |
Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Security Feature Bypass |
4524148 |
Base:
4.9 |
Yes |
Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Security Feature Bypass |
4524148 |
Base:
4.9 |
Yes |
Windows Server 2019 |
4519338 Security Update |
Important |
Security Feature Bypass |
4524148 |
Base:
4.9 |
Yes |
Windows Server 2019 (Server Core installation) |
4519338 Security Update |
Important |
Security Feature Bypass |
4524148 |
Base:
4.9 |
Yes |
Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Security Feature Bypass |
4524147 |
Base:
4.9 |
Yes |
Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Security Feature Bypass |
4524147 |
Base:
4.9 |
Yes |
Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Security Feature Bypass |
4524147 |
Base:
4.9 |
Yes |
Windows Server version 1903 (Server Core installation) |
4517389 Security Update |
Important |
Security Feature Bypass |
4524147 |
Base:
4.9 |
Yes |
CVE-2019-1369 - Open Enclave SDK Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1369 |
CVE
Title:Open Enclave SDK Inion Disclosure Vulnerability An inion disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain inion stored in the Enclave. To exploit this vulnerability an attacker would have to successfully compromise the host application running the enclave. The attacker can then pivot to the enclave and exploit this vulnerability without user interaction. The security update addresses the vulnerability by modifying how Open Enclave SDK handle objects in memory.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability is Enclave memory read - unprivileged write to enclave memory from a host application which can leak memory contents of the enclave.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1369 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Open Enclave SDK |
Release Notes Security Update |
Important |
Inion Disclosure |
Base:
N/A |
Maybe |
CVE-2019-1371 - Internet Explorer Memory Corruption Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1371 |
CVE
Title:Internet Explorer Memory Corruption Vulnerability A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights the attacker could take control of an affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. However in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead an attacker would have to convince a user to take action typically by an enticement in an email or instant message or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
Inion published. |
Important |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1371 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 |
4519974 IE Cumulative |
Low |
Remote Code Execution |
4516026 |
Base:
6.4 |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 |
4519974 IE Cumulative |
Low |
Remote Code Execution |
4516026 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Important |
Remote Code Execution |
4524157 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
4519974 IE Cumulative |
Low |
Remote Code Execution |
4524157 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows Server 2012 |
4519974 IE Cumulative |
Low |
Remote Code Execution |
4524135 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems |
4519974 IE Cumulative |
Important |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems |
4519974 IE Cumulative |
Important |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 |
4519974 IE Cumulative |
Low |
Remote Code Execution |
4524156 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows RT 8.1 |
4520005 Monthly Rollup |
Important |
Remote Code Execution |
4524156 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems |
4520011 Security Update |
Important |
Remote Code Execution |
4524153 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2016 |
4519998 Security Update |
Low |
Remote Code Execution |
4524152 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems |
4519998 Security Update |
Important |
Remote Code Execution |
4524152 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems |
4520010 Security Update |
Important |
Remote Code Execution |
4524151 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems |
4520008 Security Update |
Important |
Remote Code Execution |
4524149 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems |
4519338 Security Update |
Important |
Remote Code Execution |
4524148 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows Server 2019 |
4519338 Security Update |
Low |
Remote Code Execution |
4524148 |
Base:
6.4 |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems |
4520004 Security Update |
Important |
Remote Code Execution |
4524150 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems |
4517389 Security Update |
Important |
Remote Code Execution |
4524147 |
Base:
7.5 |
Yes |
Internet Explorer 10 on Windows Server 2012 |
4520007 Monthly Rollup |
Low |
Remote Code Execution |
4524135 |
Base:
6.4 |
Yes |
CVE-2019-1372 - Azure App Service Remote Code Execution Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1372 |
CVE
Title:Azure App Service Remote Code Execution Vulnerability An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox. The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs.
Inion published. |
Critical |
Remote Code Execution |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1372 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Azure App Service on Azure Stack |
Release Notes Security Update |
Critical |
Remote Code Execution |
Base:
N/A |
Maybe |
CVE-2019-1375
- Microsoft Dynamics 365 (On-Premise) Cross Site scripting Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1375 |
CVE
Title:Microsoft Dynamics 365 (On-Premise) Cross Site sc
A cross site sc
The attacker who successfully exploited the vulnerability
could then perform cross-site sc The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.
Inion published. |
Important |
Spoofing |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1375 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 |
4515519 Security Update |
Important |
Spoofing |
Base:
N/A |
Maybe |
CVE-2019-1376 - SQL Server Management Studio Inion Disclosure Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1376 |
CVE
Title:SQL Server Management Studio Inion Disclosure Vulnerability An inion disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database. An attacker who successfully exploited the vulnerability could gain additional database and file inion. The security update addresses the vulnerability by correcting how SQL Server Management Studio enforces permissions.
What type of inion could be disclosed by this vulnerability? The type of inion that could be disclosed if an attacker successfully exploited this vulnerability relates to SQL table columns that would normally be restricted.
Inion published. |
Important |
Inion Disclosure |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1376 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
SQL Server Management Studio 18.3.1 |
Release Notes Security Update |
Important |
Inion Disclosure |
Base:
N/A |
Maybe |
CVE-2019-1378 - Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE ID |
Vulnerability
Desc |
Maximum Severity Rating |
Vulnerability Impact |
CVE-2019-1378 |
CVE
Title:Windows 10 Update Assistant Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability an attacker could then install programs; view change or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring the Windows 10 Update Assistant properly handles permissions.
Inion published. |
Important |
Elevation of Privilege |
Affected Software
The following tables list the affected software details for the vulnerability.
CVE-2019-1378 |
||||||
Product |
KB Article |
Severity |
Impact |
Supersedence |
CVSS Score Set |
Restart Required |
Windows Update Assistant |
Update pending |
Important |
Elevation of Privilege |
Base:
N/A |
Maybe |
声 明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
关于绿盟科技
北京神州绿盟信息安全科技股份有限公司(简称绿盟科技)成立于2000年4月,总部位于北京。在国内外设有30多个分支机构,为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户,提供具有核心竞争力的安全产品及解决方案,帮助客户实现业务的安全顺畅运行。
基于多年的安全攻防研究,绿盟科技在网络及终端安全、互联网基础安全、合规及安全管理等领域,为客户提供入侵检测/防护、抗拒绝服务攻击、远程安全评估以及Web安全防护等产品以及专业安全服务。
北京神州绿盟信息安全科技股份有限公司于2014年1月29日起在深圳证券交易所创业板上市,股票简称:绿盟科技,股票代码:300369。
浏览次数:
关 闭