Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11819
HistoryJul 09, 2019 - 12:00 a.m.

KLA11819 Multiple vulnerabilities in Microsoft Products (ESU)

2019-07-0900:00:00
Kaspersky Lab
threats.kaspersky.com
43

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.279 Low

EPSS

Percentile

96.7%

JSON

Detect date:

07/09/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Microsoft .NET Framework 4.5.2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server, version 1803 (Server Core Installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft.IdentityModel 7.0.0
Microsoft .NET Framework 3.5 AND 4.8
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Microsoft SharePoint Foundation 2013 Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2012
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft .NET Framework 3.5.1
Windows RT 8.1
Microsoft Remote Desktop for Android
Microsoft .NET Framework 4.8
Windows 10 Version 1903 for 32-bit Systems
Microsoft .NET Framework 3.0 Service Pack 2
Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 3.5
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Internet Explorer 9
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2012 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 4.6
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Windows 10 Version 1803 for ARM64-based Systems
Microsoft Remote Desktop for IoS
Microsoft .NET Framework 3.5 AND 4.7.2
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2019
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Internet Explorer 10
Internet Explorer 11
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft SharePoint Server 2019
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Windows 8.1 for x64-based systems
Microsoft Edge (EdgeHTML-based)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1108
CVE-2019-1004
CVE-2019-1099
CVE-2019-1006
CVE-2019-1101
CVE-2019-1100
CVE-2019-1102
CVE-2019-1104
CVE-2019-1088
CVE-2019-1089
CVE-2019-1063
CVE-2019-1082
CVE-2019-1085
CVE-2019-0887
CVE-2019-1132
CVE-2019-1116
CVE-2019-1071
CVE-2019-1073
CVE-2019-1098
CVE-2019-1097
CVE-2019-1096
CVE-2019-1095
CVE-2019-1094
CVE-2019-1093
CVE-2019-1059

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-11164.3Warning
CVE-2019-11014.3Warning
CVE-2019-10994.3Warning
CVE-2019-10932.1Warning
CVE-2019-11084.0Warning
CVE-2019-10972.1Warning
CVE-2019-10897.2High
CVE-2019-10954.3Warning
CVE-2019-10962.1Warning
CVE-2019-11004.3Warning
CVE-2019-11327.2High
CVE-2019-10065.0Warning
CVE-2019-10884.6Warning
CVE-2019-10712.1Warning
CVE-2019-10944.3Warning
CVE-2019-10984.3Warning
CVE-2019-11029.3Critical
CVE-2019-10854.6Warning
CVE-2019-08878.5Critical
CVE-2019-10732.1Warning
CVE-2019-10827.2High
CVE-2019-10637.6Critical
CVE-2019-11047.6Critical
CVE-2019-10597.6Critical
CVE-2019-10047.6Critical

KB list:

4507456
4507449
4507452
4507461
4507434

Microsoft official advisories:

References

Related

mskb 18
openvas 14
nessus 22
prion 26
cve 26
kaspersky 2
debiancve 1
ubuntucve 1
talosblog 1
veracode 1
osv 2
f5 1
symantec 25
mscve 25
zdi 11
attackerkb 2
krebs 1
checkpoint_advisories 10
cisa_kev 1
githubexploit 4
zdt 2
thn 1
mssecure 1
threatpost 1
mskb
mskb
July 9, 2019—KB4507452 (Monthly Rollup)
2019-08-06 07:00:00
July 9, 2019—KB4507461 (Security-only update)
2019-08-06 07:00:00
July 9, 2019—KB4507456 (Security-only update)
2019-08-06 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4507452)
2019-07-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4507449)
2019-07-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4507462)
2019-07-10 00:00:00
nessus
nessus
KB4507461: Windows Server 2008 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
KB4507456: Windows 7 and Windows Server 2008 R2 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
prion
prion
Information disclosure
2019-07-15 19:15:00
Information disclosure
2019-07-15 19:15:00
Information disclosure
2019-07-15 19:15:00
cve
cve
CVE-2019-1101
2019-07-15 19:15:00
CVE-2019-1099
2019-07-15 19:15:00
CVE-2019-1094
2019-07-15 19:15:00
kaspersky
kaspersky
KLA11511 Multiple vulnerabilities in Microsoft Windows
2019-07-09 00:00:00
KLA11514 Multiple vulnerabilities in Microsoft Browsers
2019-07-09 00:00:00
debiancve
debiancve
CVE-2019-1125
2019-09-03 18:15:00
ubuntucve
ubuntucve
CVE-2019-1125
2019-08-06 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34
veracode
veracode
Remote Code Execution (RCE)
2019-07-16 02:11:44
osv
osv
CVE-2019-1001
2019-07-15 19:15:16
CVE-2019-1006
2019-07-15 19:15:16
f5
f5
K31085564 : Spectre SWAPGS gadget vulnerability CVE-2019-1125
2019-08-23 00:00:00
symantec
symantec
Microsoft Windows GDI Component CVE-2019-1101 Information Disclosure Vulnerability
2019-07-09 00:00:00
Microsoft Windows Win32k CVE-2019-1132 Local Privilege Escalation Vulnerability
2019-07-09 00:00:00
Microsoft Internet Explorer CVE-2019-1063 Remote Memory Corruption Vulnerability
2019-07-09 00:00:00
mscve
mscve
Windows GDI Information Disclosure Vulnerability
2019-07-09 07:00:00
Win32k Elevation of Privilege Vulnerability
2019-07-09 07:00:00
Internet Explorer Memory Corruption Vulnerability
2019-07-09 07:00:00
zdi
zdi
Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019-07-10 00:00:00
Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019-07-10 00:00:00
Microsoft Windows gdiplus EMF Parsing Use-After-Free Information Disclosure Vulnerability
2019-07-10 00:00:00
attackerkb
attackerkb
CVE-2019-1132
2019-07-15 00:00:00
CVE-2019-1132
2019-07-15 00:00:00
krebs
krebs
Patch Tuesday Lowdown, July 2019 Edition
2019-07-09 22:32:11
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (CVE-2019-1132)
2019-07-09 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2019-1004)
2019-07-09 00:00:00
Microsoft Browser Memory Corruption (CVE-2019-1104)
2019-07-09 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-03-15 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2019-07-26 06:51:28
Exploit for Path Traversal in Microsoft
2021-01-14 07:49:51
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
2019-07-25 07:58:44
zdt
zdt
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Exploit
2019-07-28 00:00:00
Microsoft Windows 10 1903/1809 RPCSS Activation Kernel Security Callback Privilege Escalation
2019-07-18 00:00:00
thn
thn
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
2019-08-07 23:00:00
mssecure
mssecure
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
2019-08-07 23:50:25
threatpost
threatpost
Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack
2019-08-07 23:00:15

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.279 Low

EPSS

Percentile

96.7%

JSON
Related for KLA11819
mskb18openvas14nessus22prion26cve26kaspersky2debiancve1ubuntucve1talosblog1veracode1osv2f51symantec25mscve25zdi11attackerkb2krebs1checkpoint_advisories10cisa_kev1githubexploit4zdt2thn1mssecure1threatpost1