ID CVE-2019-0552 Type cve Reporter cve@mitre.org Modified 2020-08-24T17:37:00
Description
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
{"symantec": [{"lastseen": "2019-01-09T01:37:07", "bulletinFamily": "software", "cvelist": ["CVE-2019-0552"], "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-01-08T00:00:00", "published": "2019-01-08T00:00:00", "id": "SMNTC-106407", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/106407", "type": "symantec", "title": "Microsoft Windows COM CVE-2019-0552 Local Privilege Escalation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2019-01-14T18:59:12", "description": "", "published": "2019-01-14T00:00:00", "type": "exploitdb", "title": "Microsoft Windows 10 - COM Desktop Broker Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-0552"], "modified": "2019-01-14T00:00:00", "id": "EDB-ID:46162", "href": "https://www.exploit-db.com/exploits/46162", "sourceData": "Windows: COM Desktop Broker Elevation of Privilege\r\nPlatform: Windows 10 1809 (almost certainly earlier versions as well).\r\nClass: Elevation of Privilege\r\nSecurity Boundary (per Windows Security Service Criteria): AppContainer Sandbox\r\n\r\nSummary: \r\n\r\nThe COM Desktop Broker doesn\u2019t correctly check permissions resulting in elevation of privilege and sandbox escape.\r\n\r\nDescription:\r\nWindows 10 introduced \u201cBrokered Windows Runtime Components for side-loaded applications\u201d which allows a UWP application to interact with privileged components by allowing developers to write a custom broker in .NET. Rather than handling this with the existing Runtime Broker a new \u201cDesktop Broker\u201d was created and plumbed into the COM infrastructure. This required changes in COMBASE to instantiate the broker class and RPCSS to control access to the broker.\r\n\r\nThe stated purpose is only for use by sideloaded enterprise applications, specifically .NET based ones. Looking at the checks in RPCSS for the activation of the broker we can see the check as follows:\r\n\r\nHRESULT IsSideLoadedPackage(LPCWSTR *package_name, bool *is_sideloaded) {\r\n PackageOrigin origin;\r\n *is_sideloaded = false;\r\n HRESULT hr = GetStagedPackageOrigin(package_name, &origin);\r\n if (FAILED(hr))\r\n return hr;\r\n \r\n *is_sideloaded = origin != PackageOrigin_Store;\r\n return S_OK;\r\n}\r\n\r\nThis check is interesting because it considered anything to be sideloaded that hasn\u2019t come from the Store. Looking at the PackageOrigin enumeration this includes Inbox applications such as Cortana and Edge both of which process potentially untrusted content from the network. Of course this isn\u2019t an issue if the broker is secure, but\u2026\r\n\r\nFor a start, as long as RPCSS thinks the current package is side-loaded this feature doesn\u2019t require any further capability to use, or at least nothing checks for one during the process. Even in the side loading case this isn\u2019t ideal, it means that even though a side loaded application is in the sandbox this would allow the application to escape without giving the installer of the application any notice that it has effectively full trust. Contrast this with Desktop Bridge UWP applications which require the \u201cfullTrust\u201d capability to invoke a Win32 application outside the sandbox. This is even more important for a sandbox escape from an Inbox application as you can\u2019t change the capabilities at all without having privileged access. Now, technically you\u2019re supposed to have the appropriate configuration inside the application\u2019s manifest to use this, but that only applies if you\u2019re activating through standard COM Runtime activation routes, instead you can just create an instance of the broker\u2019s class (which is stored in the registry, but at least seems to always be C8FFC414-946D-4E61-A302-9B9713F84448). This class is running in a DLL surrogate at normal user privileges. Therefore any issue with this interface is a sandbox escape. The call implements a single interface, IWinRTDesktopBroker, which looks like:\r\n\r\nclass IWinRTDesktopBroker : public IUnknown {\r\n HRESULT GetClassActivatorForApplication(HSTRING dir, IWinRTClassActivator** ppv);\r\n};\r\n\r\nThis interface has only one method, GetClassActivatorForApplication which takes the path to the brokered components directory. No verification of this directory takes place, it can be anywhere you specify. I\u2019d have assumed it might have at least been limited to a special subdirectory of the package installation, but I\u2019d clearly be wrong. Passing an arbitrary directory to this method, you get back the following interface:\r\n\r\nclass IWinRTClassActivator : public IUnknown {\r\n HRESULT ActivateInstance(HSTRING activatableClassId, IInspectable** ppv);\r\n HRESULT GetActivationFactory(HSTRING activatableClassId, REFIID riid, IUnknown** ppv);\r\n};\r\n\r\nSo to escape the sandbox with this you can create directory somewhere, copy in a WinRT component winmd file then activate it. The activation process will run class constructors and give you arbitrary code execution outside the sandbox. \r\n\r\nHowever, even if the directory was checked in some way as long as you can get back the IWinRTClassActivator interface you could still escape the sandbox as the object is actually an instance of the System.Runtime.InteropServices.WindowsRuntime.WinRTClassActivator class which is implemented by the .NET BCL. This means that it exposes a managed DCOM object to a low-privileged caller which is pretty simple to exploit using my old serialization attacks (e.g. MSRC case 37122). The funny thing is MSRC wrote a blog post [1] about not using Managed DCOM across security boundaries almost certainly before this code was implemented but clearly it wasn\u2019t understood.\r\n[1] https://blogs.technet.microsoft.com/srd/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability/\r\n\r\nThere are some caveats, as far as I can tell you can\u2019t create this broker from an LPAC Edge content process, more because the connection to the broker fails rather than any activation permissions check. Therefore to exploit from Edge you\u2019d need to get into the MicrosoftEdge process (or another process outside of LPAC). This is left as an exercise for the reader.\r\n\r\nFixing wise, I\u2019d guess unless you\u2019re actually using this for Inbox applications at a minimum you probably should only Developer and LOB origins. Ideally you\u2019d probably want to require a capability for its use but the horse may have bolted on that one. Anyway you might not consider this an issue as it can\u2019t easily be used from LPAC and side-loading is an issue unto itself.\r\n\r\nProof of Concept:\r\n\r\nI\u2019ve provided a PoC as a solution containing the C# PoC and Brokered Component as well as a DLL which can be injected into Edge to demonstrate the issue. The PoC will inject the DLL into a running MicrosoftEdge process and run the attack. Note that the PoC needs to know the relative location of the ntdll!LdrpKnownDllDirectoryHandle symbol for x64 in order to work. It should be set up for the initial release of RS5 (17763.1) but if you need to run it on another machine you\u2019ll need to modify GetHandleAddress in the PoC to check the version string from NTDLL and return the appropriate location (you can get the offset in WinDBG using \u2018? ntdll!LdrpKnownDllDirectoryHandle-ntdll). Also before you ask, the injection isn\u2019t a CIG bypass you need to be able to create an image section from an arbitrary file to perform the injection which you can do inside a process running with CIG.\r\n\r\n1) Compile the solution in \u201cRelease\u201d mode for \u201cAny CPU\u201d. It\u2019ll need to pull NtApiDotNet from NuGet to build.\r\n2) Start a copy of Edge.\r\n3) Execute the PoC from the x64\\Release directory.\r\n\r\nExpected Result:\r\nCreating the broker fails.\r\n\r\nObserved Result:\r\nThe broker creation succeeds and notepad executes outside the sandbox.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46162.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/46162"}], "zdt": [{"lastseen": "2019-02-06T07:20:51", "description": "Exploit for windows platform in category local exploits", "edition": 1, "published": "2019-01-15T00:00:00", "title": "Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-0552"], "modified": "2019-01-15T00:00:00", "id": "1337DAY-ID-31971", "href": "https://0day.today/exploit/description/31971", "sourceData": "Windows: COM Desktop Broker Elevation of Privilege\r\nPlatform: Windows 10 1809 (almost certainly earlier versions as well).\r\nClass: Elevation of Privilege\r\nSecurity Boundary (per Windows Security Service Criteria): AppContainer Sandbox\r\n\r\nSummary: \r\n\r\nThe COM Desktop Broker doesn\u2019t correctly check permissions resulting in elevation of privilege and sandbox escape.\r\n\r\nDescription:\r\nWindows 10 introduced \u201cBrokered Windows Runtime Components for side-loaded applications\u201d which allows a UWP application to interact with privileged components by allowing developers to write a custom broker in .NET. Rather than handling this with the existing Runtime Broker a new \u201cDesktop Broker\u201d was created and plumbed into the COM infrastructure. This required changes in COMBASE to instantiate the broker class and RPCSS to control access to the broker.\r\n\r\nThe stated purpose is only for use by sideloaded enterprise applications, specifically .NET based ones. Looking at the checks in RPCSS for the activation of the broker we can see the check as follows:\r\n\r\nHRESULT IsSideLoadedPackage(LPCWSTR *package_name, bool *is_sideloaded) {\r\n PackageOrigin origin;\r\n *is_sideloaded = false;\r\n HRESULT hr = GetStagedPackageOrigin(package_name, &origin);\r\n if (FAILED(hr))\r\n return hr;\r\n \r\n *is_sideloaded = origin != PackageOrigin_Store;\r\n return S_OK;\r\n}\r\n\r\nThis check is interesting because it considered anything to be sideloaded that hasn\u2019t come from the Store. Looking at the PackageOrigin enumeration this includes Inbox applications such as Cortana and Edge both of which process potentially untrusted content from the network. Of course this isn\u2019t an issue if the broker is secure, but\u2026\r\n\r\nFor a start, as long as RPCSS thinks the current package is side-loaded this feature doesn\u2019t require any further capability to use, or at least nothing checks for one during the process. Even in the side loading case this isn\u2019t ideal, it means that even though a side loaded application is in the sandbox this would allow the application to escape without giving the installer of the application any notice that it has effectively full trust. Contrast this with Desktop Bridge UWP applications which require the \u201cfullTrust\u201d capability to invoke a Win32 application outside the sandbox. This is even more important for a sandbox escape from an Inbox application as you can\u2019t change the capabilities at all without having privileged access. Now, technically you\u2019re supposed to have the appropriate configuration inside the application\u2019s manifest to use this, but that only applies if you\u2019re activating through standard COM Runtime activation routes, instead you can just create an instance of the broker\u2019s class (which is stored in the registry, but at least seems to always be C8FFC414-946D-4E61-A302-9B9713F84448). This class is running in a DLL surrogate at normal user privileges. Therefore any issue with this interface is a sandbox escape. The call implements a single interface, IWinRTDesktopBroker, which looks like:\r\n\r\nclass IWinRTDesktopBroker : public IUnknown {\r\n HRESULT GetClassActivatorForApplication(HSTRING dir, IWinRTClassActivator** ppv);\r\n};\r\n\r\nThis interface has only one method, GetClassActivatorForApplication which takes the path to the brokered components directory. No verification of this directory takes place, it can be anywhere you specify. I\u2019d have assumed it might have at least been limited to a special subdirectory of the package installation, but I\u2019d clearly be wrong. Passing an arbitrary directory to this method, you get back the following interface:\r\n\r\nclass IWinRTClassActivator : public IUnknown {\r\n HRESULT ActivateInstance(HSTRING activatableClassId, IInspectable** ppv);\r\n HRESULT GetActivationFactory(HSTRING activatableClassId, REFIID riid, IUnknown** ppv);\r\n};\r\n\r\nSo to escape the sandbox with this you can create directory somewhere, copy in a WinRT component winmd file then activate it. The activation process will run class constructors and give you arbitrary code execution outside the sandbox. \r\n\r\nHowever, even if the directory was checked in some way as long as you can get back the IWinRTClassActivator interface you could still escape the sandbox as the object is actually an instance of the System.Runtime.InteropServices.WindowsRuntime.WinRTClassActivator class which is implemented by the .NET BCL. This means that it exposes a managed DCOM object to a low-privileged caller which is pretty simple to exploit using my old serialization attacks (e.g. MSRC case 37122). The funny thing is MSRC wrote a blog post [1] about not using Managed DCOM across security boundaries almost certainly before this code was implemented but clearly it wasn\u2019t understood.\r\n[1] https://blogs.technet.microsoft.com/srd/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability/\r\n\r\nThere are some caveats, as far as I can tell you can\u2019t create this broker from an LPAC Edge content process, more because the connection to the broker fails rather than any activation permissions check. Therefore to exploit from Edge you\u2019d need to get into the MicrosoftEdge process (or another process outside of LPAC). This is left as an exercise for the reader.\r\n\r\nFixing wise, I\u2019d guess unless you\u2019re actually using this for Inbox applications at a minimum you probably should only Developer and LOB origins. Ideally you\u2019d probably want to require a capability for its use but the horse may have bolted on that one. Anyway you might not consider this an issue as it can\u2019t easily be used from LPAC and side-loading is an issue unto itself.\r\n\r\nProof of Concept:\r\n\r\nI\u2019ve provided a PoC as a solution containing the C# PoC and Brokered Component as well as a DLL which can be injected into Edge to demonstrate the issue. The PoC will inject the DLL into a running MicrosoftEdge process and run the attack. Note that the PoC needs to know the relative location of the ntdll!LdrpKnownDllDirectoryHandle symbol for x64 in order to work. It should be set up for the initial release of RS5 (17763.1) but if you need to run it on another machine you\u2019ll need to modify GetHandleAddress in the PoC to check the version string from NTDLL and return the appropriate location (you can get the offset in WinDBG using \u2018? ntdll!LdrpKnownDllDirectoryHandle-ntdll). Also before you ask, the injection isn\u2019t a CIG bypass you need to be able to create an image section from an arbitrary file to perform the injection which you can do inside a process running with CIG.\r\n\r\n1) Compile the solution in \u201cRelease\u201d mode for \u201cAny CPU\u201d. It\u2019ll need to pull NtApiDotNet from NuGet to build.\r\n2) Start a copy of Edge.\r\n3) Execute the PoC from the x64\\Release directory.\r\n\r\nExpected Result:\r\nCreating the broker fails.\r\n\r\nObserved Result:\r\nThe broker creation succeeds and notepad executes outside the sandbox.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46162.zip\n\n# 0day.today [2019-02-06] #", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/31971"}], "mscve": [{"lastseen": "2020-08-07T11:48:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-0552"], "description": "An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.\n\nTo exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.\n\nThe update addresses the vulnerability by correcting how Windows COM Desktop Broker processes interface requests.\n", "edition": 2, "modified": "2019-01-08T08:00:00", "id": "MS:CVE-2019-0552", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0552", "published": "2019-01-08T08:00:00", "title": "Windows COM Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-08T12:52:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0554", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0584", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0578", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580", "CVE-2018-3639"], "description": "This host is missing an important security\n update according to Microsoft KB4480963", "modified": "2019-12-20T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814649", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814649", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480963)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480963)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814649\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0541\", \"CVE-2019-0543\",\n \"CVE-2019-0552\", \"CVE-2019-0554\", \"CVE-2019-0555\", \"CVE-2019-0569\",\n \"CVE-2019-0570\", \"CVE-2019-0575\", \"CVE-2019-0576\", \"CVE-2019-0577\",\n \"CVE-2019-0578\", \"CVE-2019-0579\", \"CVE-2019-0580\", \"CVE-2019-0581\",\n \"CVE-2019-0582\", \"CVE-2019-0583\", \"CVE-2019-0584\", \"CVE-2019-0549\",\n \"CVE-2018-3639\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 18:36:41 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480963)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4480963\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Runtime improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - An error in the Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n\n - MSHTML engine improperly validates input.\n\n - Windows improperly handles authentication requests.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system and gain elevated privileges\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480963\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\ndllpath = smb_get_system32root();\nif(!dllpath){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllpath, file_name:\"Mshtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19236\"))\n{\n report = report_fixed_ver(file_checked:dllpath + \"\\Mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19236\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480962", "modified": "2020-06-04T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814642", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480962)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480962)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814642\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0545\", \"CVE-2019-0552\", \"CVE-2019-0554\",\n \"CVE-2019-0555\", \"CVE-2019-0566\", \"CVE-2019-0567\", \"CVE-2019-0569\",\n \"CVE-2019-0570\", \"CVE-2019-0571\", \"CVE-2019-0572\", \"CVE-2019-0573\",\n \"CVE-2019-0574\", \"CVE-2019-0575\", \"CVE-2019-0576\", \"CVE-2019-0577\",\n \"CVE-2019-0578\", \"CVE-2019-0579\", \"CVE-2019-0580\", \"CVE-2019-0581\",\n \"CVE-2019-0582\", \"CVE-2019-0583\", \"CVE-2019-0584\", \"CVE-2019-0549\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 10:24:24 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480962)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480962\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - An error in the Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - MSHTML engine improperly validates input.\n\n - Windows improperly handles authentication requests.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Runtime improperly handles objects in memory.\n\n - A privilege elevation exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain sensitive information to further compromise the user's system, gain\n elevated privileges and arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480962\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18093\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18093\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T12:52:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480961", "modified": "2019-12-20T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814641", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480961)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480961)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814641\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0545\", \"CVE-2019-0552\", \"CVE-2019-0554\",\n \"CVE-2019-0555\", \"CVE-2019-0566\", \"CVE-2019-0567\", \"CVE-2019-0569\",\n \"CVE-2019-0570\", \"CVE-2019-0571\", \"CVE-2019-0572\", \"CVE-2019-0573\",\n \"CVE-2019-0574\", \"CVE-2019-0575\", \"CVE-2019-0576\", \"CVE-2019-0577\",\n \"CVE-2019-0578\", \"CVE-2019-0579\", \"CVE-2019-0580\", \"CVE-2019-0581\",\n \"CVE-2019-0582\", \"CVE-2019-0583\", \"CVE-2019-0584\", \"CVE-2019-0549\",\n \"CVE-2019-0551\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 10:08:10 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480961)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480961\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - An error in the Microsoft XmlDocument class that could allow an attacker to\n escape from the AppContainer sandbox in the browser.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - MSHTML engine improperly validates input.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows improperly handles authentication requests.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Runtime improperly handles objects in memory.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to obtain sensitive information to further compromise the user's system,\n gain elevated privileges and execute arbitrary code on a victim system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480961\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2723\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2723\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480973", "modified": "2020-06-04T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814640", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480973)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480973)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814640\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0545\", \"CVE-2019-0551\", \"CVE-2019-0552\",\n \"CVE-2019-0553\", \"CVE-2019-0554\", \"CVE-2019-0555\", \"CVE-2019-0566\",\n \"CVE-2019-0567\", \"CVE-2019-0569\", \"CVE-2019-0570\", \"CVE-2019-0571\",\n \"CVE-2019-0572\", \"CVE-2019-0573\", \"CVE-2019-0574\", \"CVE-2019-0575\",\n \"CVE-2019-0576\", \"CVE-2019-0577\", \"CVE-2019-0578\", \"CVE-2019-0579\",\n \"CVE-2019-0580\", \"CVE-2019-0581\", \"CVE-2019-0582\", \"CVE-2019-0583\",\n \"CVE-2019-0584\", \"CVE-2019-0549\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 10:00:45 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480973)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480973\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - An error in Microsoft XmlDocument class that could allow an attacker to escape\n from the AppContainer sandbox in the browser.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - MSHTML engine improperly validates input.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows improperly handles authentication requests.\n\n - Windows Subsystem for Linux improperly handles objects in memory.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Runtime improperly handles objects in memory.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain elevated\n privileges and execute arbitrary code on a victim system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64 Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480973\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1562\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1562\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480978", "modified": "2020-06-04T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814644", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480978)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480978)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814644\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0545\", \"CVE-2019-0551\", \"CVE-2019-0552\",\n \"CVE-2019-0553\", \"CVE-2019-0554\", \"CVE-2019-0555\", \"CVE-2019-0566\",\n \"CVE-2019-0567\", \"CVE-2019-0569\", \"CVE-2019-0570\", \"CVE-2019-0571\",\n \"CVE-2019-0572\", \"CVE-2019-0573\", \"CVE-2019-0574\", \"CVE-2019-0575\",\n \"CVE-2019-0576\", \"CVE-2019-0577\", \"CVE-2019-0578\", \"CVE-2019-0579\",\n \"CVE-2019-0580\", \"CVE-2019-0581\", \"CVE-2019-0582\", \"CVE-2019-0583\",\n \"CVE-2019-0584\", \"CVE-2019-0549\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 10:41:16 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480978)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480978\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - An error in the Microsoft XmlDocument class that could allow an attacker to\n escape from the AppContainer sandbox in the browser.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - MSHTML engine improperly validates input.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows improperly handles authentication requests.\n\n - Windows Subsystem for Linux improperly handles objects in memory.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Runtime improperly handles objects in memory.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain elevated\n privileges on an affected system and execute arbitrary code in the context of\n the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480978\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.636\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.636\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0550", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0565", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0568", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0547", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480966", "modified": "2020-06-04T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814643", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480966)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480966)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814643\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0545\", \"CVE-2019-0551\", \"CVE-2019-0552\",\n \"CVE-2019-0553\", \"CVE-2019-0554\", \"CVE-2019-0555\", \"CVE-2019-0565\",\n \"CVE-2019-0566\", \"CVE-2019-0567\", \"CVE-2019-0568\", \"CVE-2019-0569\",\n \"CVE-2019-0570\", \"CVE-2019-0571\", \"CVE-2019-0572\", \"CVE-2019-0573\",\n \"CVE-2019-0574\", \"CVE-2019-0575\", \"CVE-2019-0576\", \"CVE-2019-0577\",\n \"CVE-2019-0578\", \"CVE-2019-0579\", \"CVE-2019-0580\", \"CVE-2019-0581\",\n \"CVE-2019-0582\", \"CVE-2019-0583\", \"CVE-2019-0584\", \"CVE-2019-0547\",\n \"CVE-2019-0549\", \"CVE-2019-0550\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 10:32:25 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480966)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480966\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows DHCP client when an attacker sends specially crafted DHCP responses\n to a client.\n\n - MSHTML engine improperly validates input.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles authentication requests.\n\n - Windows Subsystem for Linux improperly handles objects in memory.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - An error in the Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows Runtime improperly handles objects in memory.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, elevate privileges\n on an affected system and execute arbitrary code in the context of the current\n user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480966\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.522\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.522\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0550", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0565", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0568", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "This host is missing a critical security\n update according to Microsoft KB4480116", "modified": "2020-06-04T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310814639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814639", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4480116)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4480116)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814639\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0536\", \"CVE-2019-0538\", \"CVE-2019-0539\", \"CVE-2019-0541\",\n \"CVE-2019-0543\", \"CVE-2019-0551\", \"CVE-2019-0552\", \"CVE-2019-0553\",\n \"CVE-2019-0554\", \"CVE-2019-0555\", \"CVE-2019-0565\", \"CVE-2019-0566\",\n \"CVE-2019-0567\", \"CVE-2019-0568\", \"CVE-2019-0569\", \"CVE-2019-0570\",\n \"CVE-2019-0571\", \"CVE-2019-0572\", \"CVE-2019-0573\", \"CVE-2019-0574\",\n \"CVE-2019-0575\", \"CVE-2019-0576\", \"CVE-2019-0577\", \"CVE-2019-0578\",\n \"CVE-2019-0579\", \"CVE-2019-0580\", \"CVE-2019-0581\", \"CVE-2019-0582\",\n \"CVE-2019-0583\", \"CVE-2019-0584\", \"CVE-2019-0549\", \"CVE-2019-0550\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 09:52:03 +0530 (Wed, 09 Jan 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4480116)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4480116\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - The MSHTML engine improperly validates input.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles authentication requests.\n\n - Windows Subsystem for Linux improperly handles objects in memory.\n\n - An elevation of privilege exists in Windows COM Desktop Broker.\n\n - An error in Microsoft XmlDocument class that could allow an attacker to escape\n from the AppContainer sandbox in the browser.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Runtime improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain the same\n user rights as the current user and execute arbitrary code in the context of the\n current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1809 for 32-bit/x64 Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4480116\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.252\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.252\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:46:01", "description": "The remote Windows host is missing security update 4480964\nor cumulative update 4480963. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480964: Windows 8.1 and Windows Server 2012 R2 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0554", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0584", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0578", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580", "CVE-2018-3639"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JAN_4480963.NASL", "href": "https://www.tenable.com/plugins/nessus/121014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121014);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/04/30 14:30:16\");\n\n script_cve_id(\n \"CVE-2018-3639\",\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0541\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0552\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480963\");\n script_xref(name:\"MSKB\", value:\"4480964\");\n script_xref(name:\"MSFT\", value:\"MS19-4480963\");\n script_xref(name:\"MSFT\", value:\"MS19-4480964\");\n\n script_name(english:\"KB4480964: Windows 8.1 and Windows Server 2012 R2 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480964\nor cumulative update 4480963. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine improperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\");\n # https://support.microsoft.com/en-us/help/4480963/windows-8-1-update-kb4480963\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5fa9f1a3\");\n # https://support.microsoft.com/en-us/help/4480964/windows-8-1-update-kb4480964\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4ff768\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4480964 or Cumulative Update KB4480963.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480964', '4480963');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480964, 4480963])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:52:16", "description": "The remote Windows host is missing security update 4480978. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480978: Windows 10 Version 1709 and Windows Server Version 1709 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JAN_4480978.NASL", "href": "https://www.tenable.com/plugins/nessus/121020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121020);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0551\",\n \"CVE-2019-0552\",\n \"CVE-2019-0553\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480978\");\n script_xref(name:\"MSFT\", value:\"MS19-4480978\");\n\n script_name(english:\"KB4480978: Windows 10 Version 1709 and Windows Server Version 1709 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480978. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480978/windows-10-update-kb4480978\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8aa7a1c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4480978.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480978');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480978])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:33", "description": "The remote Windows host is missing security update 4480961. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480961: Windows 10 Version 1607 and Windows Server 2016 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JAN_4480961.NASL", "href": "https://www.tenable.com/plugins/nessus/121012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121012);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0539\",\n \"CVE-2019-0541\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0551\",\n \"CVE-2019-0552\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0566\",\n \"CVE-2019-0567\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480961\");\n script_xref(name:\"MSFT\", value:\"MS19-4480961\");\n\n script_name(english:\"KB4480961: Windows 10 Version 1607 and Windows Server 2016 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480961. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480961/windows-10-update-kb4480961\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?108c06e5\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4480961.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480961');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480961])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:52:16", "description": "The remote Windows host is missing security update 4480966. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0547)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0550, CVE-2019-0551)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480966: Windows 10 Version 1803 and Windows Server Version 1803 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0550", "CVE-2019-0584", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0547", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JAN_4480966.NASL", "href": "https://www.tenable.com/plugins/nessus/121015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0547\",\n \"CVE-2019-0549\",\n \"CVE-2019-0550\",\n \"CVE-2019-0551\",\n \"CVE-2019-0552\",\n \"CVE-2019-0553\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480966\");\n script_xref(name:\"MSFT\", value:\"MS19-4480966\");\n\n script_name(english:\"KB4480966: Windows 10 Version 1803 and Windows Server Version 1803 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480966. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0547)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0550, CVE-2019-0551)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480966/windows-10-update-kb4480966\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f7193a7a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4480966.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480966');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480966])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:33", "description": "The remote Windows host is missing security update 4480962. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480962: Windows 10 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JAN_4480962.NASL", "href": "https://www.tenable.com/plugins/nessus/121013", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121013);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0539\",\n \"CVE-2019-0541\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0552\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0566\",\n \"CVE-2019-0567\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480962\");\n script_xref(name:\"MSFT\", value:\"MS19-4480962\");\n\n script_name(english:\"KB4480962: Windows 10 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480962. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480962/windows-10-update-kb4480962\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed198bfb\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4480962.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480962');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480962])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:34", "description": "The remote Windows host is missing security update 4480973. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480973: Windows 10 Version 1703 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JAN_4480973.NASL", "href": "https://www.tenable.com/plugins/nessus/121018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121018);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0539\",\n \"CVE-2019-0541\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0551\",\n \"CVE-2019-0552\",\n \"CVE-2019-0553\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0566\",\n \"CVE-2019-0567\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480973\");\n script_xref(name:\"MSFT\", value:\"MS19-4480973\");\n\n script_name(english:\"KB4480973: Windows 10 Version 1703 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480973. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0551)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480973/windows-10-update-kb4480973\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8bd0dec\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4480973.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480973');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480973])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:33", "description": "The remote Windows host is missing security update 4480116.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567,\n CVE-2019-0568)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0550, CVE-2019-0551)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-08T00:00:00", "title": "KB4480116: Windows 10 Version 1809 and Windows Server 2019 January 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0567", "CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0566", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0541", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0550", "CVE-2019-0584", "CVE-2019-0539", "CVE-2019-0545", "CVE-2019-0565", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0568", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "modified": "2019-01-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JAN_4480116.NASL", "href": "https://www.tenable.com/plugins/nessus/121011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121011);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0536\",\n \"CVE-2019-0538\",\n \"CVE-2019-0539\",\n \"CVE-2019-0541\",\n \"CVE-2019-0543\",\n \"CVE-2019-0545\",\n \"CVE-2019-0549\",\n \"CVE-2019-0550\",\n \"CVE-2019-0551\",\n \"CVE-2019-0552\",\n \"CVE-2019-0553\",\n \"CVE-2019-0554\",\n \"CVE-2019-0555\",\n \"CVE-2019-0565\",\n \"CVE-2019-0566\",\n \"CVE-2019-0567\",\n \"CVE-2019-0568\",\n \"CVE-2019-0569\",\n \"CVE-2019-0570\",\n \"CVE-2019-0571\",\n \"CVE-2019-0572\",\n \"CVE-2019-0573\",\n \"CVE-2019-0574\",\n \"CVE-2019-0575\",\n \"CVE-2019-0576\",\n \"CVE-2019-0577\",\n \"CVE-2019-0578\",\n \"CVE-2019-0579\",\n \"CVE-2019-0580\",\n \"CVE-2019-0581\",\n \"CVE-2019-0582\",\n \"CVE-2019-0583\",\n \"CVE-2019-0584\"\n );\n script_xref(name:\"MSKB\", value:\"4480116\");\n script_xref(name:\"MSFT\", value:\"MS19-4480116\");\n\n script_name(english:\"KB4480116: Windows 10 Version 1809 and Windows Server 2019 January 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4480116.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0536, CVE-2019-0549, CVE-2019-0554)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0539, CVE-2019-0567,\n CVE-2019-0568)\n\n - An information disclosure vulnerability exists when\n Windows Subsystem for Linux improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. A attacker could exploit\n this vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how Windows Subsystem for Linux handles\n objects in memory. (CVE-2019-0553)\n\n - An information disclosure vulnerability exists in .NET\n Framework and .NET Core which allows bypassing Cross-\n origin Resource Sharing (CORS) configurations. An\n attacker who successfully exploited the vulnerability\n could retrieve content, that is normally restricted,\n from a web application. The security update addresses\n the vulnerability by enforcing CORS configuration to\n prevent its bypass. (CVE-2019-0545)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0550, CVE-2019-0551)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0538, CVE-2019-0575, CVE-2019-0576,\n CVE-2019-0577, CVE-2019-0578, CVE-2019-0579,\n CVE-2019-0580, CVE-2019-0581, CVE-2019-0582,\n CVE-2019-0583, CVE-2019-0584)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0565)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft XmlDocument class that could allow an attacker\n to escape from the AppContainer sandbox in the browser.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges and break\n out of the Edge AppContainer sandbox. The vulnerability\n by itself does not allow arbitrary code to run. However,\n this vulnerability could be used in conjunction with one\n or more vulnerabilities (for example a remote code\n execution vulnerability and another elevation of\n privilege vulnerability) to take advantage of the\n elevated privileges when running. The security update\n addresses the vulnerability by modifying how the\n Microsoft XmlDocument class enforces sandboxing.\n (CVE-2019-0555)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-0543)\n\n - An elevation of privilege vulnerability exists when the\n Windows Runtime improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in an elevated context. An\n attacker could exploit this vulnerability by running a\n specially crafted application on the victim system. The\n update addresses the vulnerability by correcting the way\n the Windows Runtime handles objects in memory.\n (CVE-2019-0570)\n\n - A remote code execution vulnerability exists in the way\n that the MSHTML engine inproperly validates input. An\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2019-0541)\n\n - An elevation of privilege exists in Windows COM Desktop\n Broker. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-0552)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge Browser Broker COM object. An attacker\n who successfully exploited the vulnerability could use\n the Browser Broker COM object to elevate privileges on\n an affected system. This vulnerability by itself does\n not allow arbitrary code execution; however, it could\n allow arbitrary code to be run if the attacker uses it\n in combination with another vulnerability (such as a\n remote code execution vulnerability or another elevation\n of privilege vulnerability) that is capable of\n leveraging the elevated privileges when code execution\n is attempted. (CVE-2019-0566)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0569)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-0571, CVE-2019-0572,\n CVE-2019-0573, CVE-2019-0574)\");\n # https://support.microsoft.com/en-us/help/4480116/windows-10-update-kb4480116\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3a1f686\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4480116.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0538\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-01\";\nkbs = make_list('4480116');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"01_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4480116])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:59:44", "bulletinFamily": "info", "cvelist": ["CVE-2019-0583", "CVE-2019-0577", "CVE-2019-0582", "CVE-2019-0554", "CVE-2019-0571", "CVE-2019-0573", "CVE-2019-0549", "CVE-2019-0579", "CVE-2019-0551", "CVE-2019-0550", "CVE-2019-0584", "CVE-2019-0575", "CVE-2019-0543", "CVE-2019-0574", "CVE-2019-0578", "CVE-2019-0572", "CVE-2019-0552", "CVE-2019-0538", "CVE-2019-0581", "CVE-2019-0536", "CVE-2019-0553", "CVE-2019-0555", "CVE-2019-0547", "CVE-2019-0570", "CVE-2019-0576", "CVE-2019-0569", "CVE-2019-0580"], "description": "### *Detect date*:\n01/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code.\n\n### *Affected products*:\nWindows 10 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2019 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1709 for 64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0572](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0572>) \n[CVE-2019-0549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0549>) \n[CVE-2019-0570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0570>) \n[CVE-2019-0583](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0583>) \n[CVE-2019-0555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0555>) \n[CVE-2019-0543](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543>) \n[CVE-2019-0580](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0580>) \n[CVE-2019-0571](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0571>) \n[CVE-2019-0547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0547>) \n[CVE-2019-0574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0574>) \n[CVE-2019-0550](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0550>) \n[CVE-2019-0569](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0569>) \n[CVE-2019-0551](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0551>) \n[CVE-2019-0553](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0553>) \n[CVE-2019-0573](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0573>) \n[CVE-2019-0577](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0577>) \n[CVE-2019-0554](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0554>) \n[CVE-2019-0581](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0581>) \n[CVE-2019-0582](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0582>) \n[CVE-2019-0579](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0579>) \n[CVE-2019-0536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0536>) \n[CVE-2019-0578](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0578>) \n[CVE-2019-0584](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0584>) \n[CVE-2019-0552](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0552>) \n[CVE-2019-0538](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0538>) \n[CVE-2019-0576](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0576>) \n[CVE-2019-0575](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0575>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-0572](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0572>)0.0Unknown \n[CVE-2019-0549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0549>)0.0Unknown \n[CVE-2019-0570](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0570>)0.0Unknown \n[CVE-2019-0583](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0583>)0.0Unknown \n[CVE-2019-0555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0555>)0.0Unknown \n[CVE-2019-0543](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0543>)0.0Unknown \n[CVE-2019-0580](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0580>)0.0Unknown \n[CVE-2019-0571](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0571>)0.0Unknown \n[CVE-2019-0547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0547>)0.0Unknown \n[CVE-2019-0574](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0574>)0.0Unknown \n[CVE-2019-0550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0550>)0.0Unknown \n[CVE-2019-0569](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0569>)0.0Unknown \n[CVE-2019-0551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0551>)0.0Unknown \n[CVE-2019-0553](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0553>)0.0Unknown \n[CVE-2019-0573](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0573>)0.0Unknown \n[CVE-2019-0577](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0577>)0.0Unknown \n[CVE-2019-0554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0554>)0.0Unknown \n[CVE-2019-0581](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0581>)0.0Unknown \n[CVE-2019-0582](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0582>)0.0Unknown \n[CVE-2019-0579](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0579>)0.0Unknown \n[CVE-2019-0536](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536>)0.0Unknown \n[CVE-2019-0578](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0578>)0.0Unknown \n[CVE-2019-0584](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0584>)0.0Unknown \n[CVE-2019-0552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0552>)0.0Unknown \n[CVE-2019-0538](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0538>)0.0Unknown \n[CVE-2019-0576](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0576>)0.0Unknown \n[CVE-2019-0575](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0575>)0.0Unknown\n\n### *KB list*:\n[4480978](<http://support.microsoft.com/kb/4480978>) \n[4480962](<http://support.microsoft.com/kb/4480962>) \n[4480966](<http://support.microsoft.com/kb/4480966>) \n[4480116](<http://support.microsoft.com/kb/4480116>) \n[4480961](<http://support.microsoft.com/kb/4480961>) \n[4480973](<http://support.microsoft.com/kb/4480973>) \n[4480963](<http://support.microsoft.com/kb/4480963>) \n[4480964](<http://support.microsoft.com/kb/4480964>) \n[4480972](<http://support.microsoft.com/kb/4480972>) \n[4480975](<http://support.microsoft.com/kb/4480975>) \n[4487020](<http://support.microsoft.com/kb/4487020>) \n[4487017](<http://support.microsoft.com/kb/4487017>) \n[4486996](<http://support.microsoft.com/kb/4486996>) \n[4487026](<http://support.microsoft.com/kb/4487026>) \n[4487025](<http://support.microsoft.com/kb/4487025>) \n[4487044](<http://support.microsoft.com/kb/4487044>) \n[4487018](<http://support.microsoft.com/kb/4487018>) \n[4487028](<http://support.microsoft.com/kb/4487028>) \n[4487000](<http://support.microsoft.com/kb/4487000>) \n[4486993](<http://support.microsoft.com/kb/4486993>)\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 9, "modified": "2020-07-22T00:00:00", "published": "2019-01-08T00:00:00", "id": "KLA11394", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11394", "title": "\r KLA11394Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-01-16T10:42:39", "bulletinFamily": "blog", "cvelist": ["CVE-2019-0536", "CVE-2019-0537", "CVE-2019-0538", "CVE-2019-0539", "CVE-2019-0541", "CVE-2019-0542", "CVE-2019-0543", "CVE-2019-0545", "CVE-2019-0546", "CVE-2019-0547", "CVE-2019-0548", "CVE-2019-0549", "CVE-2019-0550", "CVE-2019-0551", "CVE-2019-0552", "CVE-2019-0553", "CVE-2019-0554", "CVE-2019-0555", "CVE-2019-0556", "CVE-2019-0557", "CVE-2019-0558", "CVE-2019-0559", "CVE-2019-0560", "CVE-2019-0561", "CVE-2019-0562", "CVE-2019-0564", "CVE-2019-0565", "CVE-2019-0566", "CVE-2019-0567", "CVE-2019-0568", "CVE-2019-0569", "CVE-2019-0570", "CVE-2019-0571", "CVE-2019-0572", "CVE-2019-0573", "CVE-2019-0574", "CVE-2019-0575", "CVE-2019-0576", "CVE-2019-0577", "CVE-2019-0578", "CVE-2019-0579", "CVE-2019-0580", "CVE-2019-0581", "CVE-2019-0582", "CVE-2019-0583", "CVE-2019-0584", "CVE-2019-0585", "CVE-2019-0586", "CVE-2019-0588"], "description": "[](<http://2.bp.blogspot.com/-ANFCKlpBiis/XDT4w08wP6I/AAAAAAAAFEg/aBxDQqabS3sVdRQE2DZDBJnMFcZIxf7hgCK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>)\n\n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated \u201ccritical,\u201d 40 that are considered \u201cimportant\u201d and one that is \u201cmoderate.\u201d This release also includes a critical security advisory for multiple bugs in Adobe Flash Player. \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Jet Database Engine, Office SharePoint and the Chakra Scripting Engine. For coverage of these vulnerabilities, read the SNORT\u24c7 blog post [here](<https://blog.snort.org/2019/01/snort-rule-update-for-jan-8-2019.html>). \n\n\n### Critical vulnerabilities\n\n \nMicrosoft disclosed seven critical vulnerabilities this month, which we will highlight below. \n \n[CVE-2019-0550](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0550>) and [CVE-2019-0551](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0551>) are remote code execution vulnerabilities in Windows Hyper-V, a native hypervisor that can create virtual machines. These bugs exist due to the way a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker could exploit these vulnerabilities by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. \n \n[CVE-2019-0539](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0539>), [CVE-2019-0567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0567>) and [CVE-2019-0568](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0568>) are memory corruption vulnerabilities in the way the Chakra Scripting Engine handles objects in memory on the Microsoft Edge web browser. An attacker could corrupt memory in a way that would allow them to execute code in the context of the current user. In order to trigger this vulnerability, a user would have to visit a specially crafted, malicious web page in Edge. \n \n[CVE-2019-0547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0547>) is a memory corruption vulnerability in the Windows DHCP client that exists when an attacker sends specially crafted DHCP responses to a client. An attacker could gain the ability to run arbitrary code on the client machine if they successfully exploit this vulnerability. \n \n[CVE-2019-0565](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0565>) is a memory corruption vulnerability in Microsoft Edge that occurs when the web browser improperly handles objects in memory. An attacker could corrupt memory in a way that would allow them to execute arbitrary code in the context of the current user. A user would trigger this vulnerability if they visited a specially crafted, malicious web page in Edge. \n\n\n### Important vulnerabilities\n\nThis release also contains 40 important vulnerabilities, four of which we will highlight below. \n \n[CVE-2019-0555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0555>) is an escalation of privilege vulnerability in the Microsoft XmlDocument class that could allow an attacker to escape the AppContainer sandbox. An attacker could exploit this flaw to gain elevated privileges and break out of the Microsoft Edge AppContainer sandbox. While this vulnerability does not allow arbitrary code to run explicitly, it could be combined with other vulnerabilities to take advantage fo the elevated privileges while running. \n \n[CVE-2019-0572](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0572>), [CVE-2019-0573](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0573>) and [CVE-2019-0574](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0574>) are elevation of privilege vulnerabilities in Windows Data Sharing that lie in the way the service improperly handles file operations. An attacker could exploit this vulnerability by running a specially crafted application to gain the ability to run processes in an elevated context. \n \n\n\n * [CVE-2019-0536](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0536>)\n * [CVE-2019-0537](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537>)\n * [CVE-2019-0538](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0538>)\n * [CVE-2019-0541](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541>)\n * [CVE-2019-0542](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0542>)\n * [CVE-2019-0543](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543>)\n * [CVE-2019-0545](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545>)\n * [CVE-2019-0548](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548>)\n * [CVE-2019-0549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0549>)\n * [CVE-2019-0552](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0552>)\n * [CVE-2019-0553](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0553>)\n * [CVE-2019-0554](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0554>)\n * [CVE-2019-0556](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556>)\n * [CVE-2019-0557](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557>)\n * [CVE-2019-0558](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558>)\n * [CVE-2019-0559](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0559>)\n * [CVE-2019-0560](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0560>)\n * [CVE-2019-0561](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561>)\n * [CVE-2019-0562](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562>)\n * [CVE-2019-0564](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564>)\n * [CVE-2019-0566](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0566>)\n * [CVE-2019-0569](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0570>)\n * [CVE-2019-0570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0570>)\n * [CVE-2019-0571](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0571>)\n * [CVE-2019-0575](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0575>)\n * [CVE-2019-0576](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0576>)\n * [CVE-2019-0577](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0577>)\n * [CVE-2019-0578](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0578>)\n * [CVE-2019-0579](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0579>)\n * [CVE-2019-0580](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0580>)\n * [CVE-2019-0581](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0581>)\n * [CVE-2019-0582](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0582>)\n * [CVE-2019-0583](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0583>)\n * [CVE-2019-0584](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0584>)\n * [CVE-2019-0585](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585>)\n * [CVE-2019-0586](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586>)\n * [CVE-2019-0588](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0588>)\n \n\n\n### Moderate\n\nThe only moderate vulnerability in this release is [CVE-2019-0546](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0546>), a remote code execution vulnerability in Microsoft Visual Studio. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: 48768 - 48770, 48773 - 48780, 48783, 48787 - 48790, 48793 - 48795, 48798, 48807 - 48810, 48876 \n\n\n \n\n\n", "modified": "2019-01-08T20:24:36", "published": "2019-01-08T11:40:00", "id": "TALOSBLOG:7E9E33CAB0FFF41F91CB12E204945F7F", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/ytwyhglUyOk/microsoft-patch-tuesday-january-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 January 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
