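An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. On its own the flaw only exposes data: every CVSS vector in the record below rates a confidentiality impact and lists integrity and availability impact as none.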
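An authenticated attacker could exploit this vulnerability by running a specially crafted application. In other words, the attacker must already be able to log on to the affected system and run code there, which matches the local attack vector and low privileges required (AV:L, PR:L) in the record's CVSS v3 vector.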
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
{"id": "MS:CVE-2019-0661", "bulletinFamily": "microsoft", "title": "Windows Kernel Information Disclosure Vulnerability", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nAn authenticated attacker could exploit this vulnerability by running a specially crafted application.\n\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n", "published": "2019-02-12T08:00:00", "modified": "2019-02-12T08:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0661", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2019-0661"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:13", "edition": 1, "viewCount": 3, "enchantments": {"backreferences": {"references": [{"idList": ["OPENVAS:1361412562310814686"], "type": 
"openvas"}, {"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["TALOSBLOG:AB5E63755953149993334997F5123794"], "type": "talosblog"}, {"idList": ["SMB_NT_MS19_FEB_4487025.NASL"], "type": "nessus"}, {"idList": ["KB4487019"], "type": "mskb"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["KLA11418"], "type": "kaspersky"}, {"idList": ["SMNTC-106870"], "type": "symantec"}, {"idList": ["CVE-2019-0661"], "type": "cve"}, {"idList": ["CPAI-2019-0114"], "type": "checkpoint_advisories"}]}, "dependencies": {"references": [{"idList": ["OPENVAS:1361412562310814686"], "type": "openvas"}, {"idList": ["SMB_NT_MS19_FEB_4487025.NASL", "SMB_NT_MS19_FEB_4487019.NASL", "SMB_NT_MS19_FEB_4486563.NASL"], "type": "nessus"}, {"idList": ["TALOSBLOG:AB5E63755953149993334997F5123794"], "type": "talosblog"}, {"idList": ["KLA11879", "KLA11418"], "type": "kaspersky"}, {"idList": ["CVE-2019-0661", "CVE-2019-0621", "CVE-2019-0663"], "type": "cve"}, {"idList": ["SMNTC-106870"], "type": "symantec"}, {"idList": ["CPAI-2019-0114"], "type": "checkpoint_advisories"}]}, "exploitation": null, "score": {"value": 1.9, "vector": "NONE"}, "vulnersScore": 1.9}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "13168c66cf56205315fa44b669b703cb"}, "kbList": ["KB4487019", "KB4487023", "KB4480970", "KB4486993", "KB4486564", "KB4486563", "KB4487025", "KB4480968"], "msrc": "", "mscve": "CVE-2019-0661", "msAffectedSoftware": [{"kb": "KB4486564", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4487023", "kbSupersedence": "KB4480968", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4486993", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, 
{"kb": "KB4486563", "kbSupersedence": "KB4480970", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4486564", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4486564", "kbSupersedence": "", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4487023", "kbSupersedence": "KB4480968", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4487019", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4487023", "kbSupersedence": "KB4480968", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4487025", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4486563", "kbSupersedence": "KB4480970", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4486564", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4486564", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 r2 for itanium-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4487019", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for itanium-based systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4486563", "kbSupersedence": "KB4480970", "msplatform": "", "name": "windows 7 for 32-bit systems service pack 1", 
"operator": "", "version": ""}, {"kb": "KB4487019", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for x64-based systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4487019", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4487025", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012", "operator": "", "version": ""}, {"kb": "KB4487019", "kbSupersedence": "", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4486993", "kbSupersedence": "", "msplatform": "", "name": "windows server 2012 (server core installation)", "operator": "", "version": ""}, {"kb": "KB4487023", "kbSupersedence": "KB4480968", "msplatform": "", "name": "windows server 2008 for 32-bit systems service pack 2", "operator": "", "version": ""}, {"kb": "KB4486563", "kbSupersedence": "KB4480970", "msplatform": "", "name": "windows 7 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4486563", "kbSupersedence": "KB4480970", "msplatform": "", "name": "windows server 2008 r2 for x64-based systems service pack 1", "operator": "", "version": ""}, {"kb": "KB4487023", "kbSupersedence": "KB4480968", "msplatform": "", "name": "windows server 2008 for itanium-based systems service pack 2", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "4.7", "temporalScore": "4.2", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}}
{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:24:06", "description": "An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-02-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Kernel Information Disclosure (CVE-2019-0661)", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0661"], "modified": "2019-02-12T00:00:00", "id": "CPAI-2019-0114", "href": "", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "symantec": [{"lastseen": "2021-06-08T19:05:45", "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. 
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2019-0661 Local Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-0661"], "modified": "2019-02-12T00:00:00", "id": "SMNTC-106870", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/106870", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T18:53:46", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. 
This CVE ID is unique from CVE-2019-0621, CVE-2019-0663.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0661", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0621", "CVE-2019-0661", "CVE-2019-0663"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-0661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0661", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:53:49", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in 
memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0621, CVE-2019-0661.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0663", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0621", "CVE-2019-0661", "CVE-2019-0663"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0663", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0663", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:52:50", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0661, CVE-2019-0663.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0621", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 
2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0621", "CVE-2019-0661", "CVE-2019-0663"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0621", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0621", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:48:43", "description": "The remote Windows host is missing security update 4487019 or cumulative update 4487023. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. 
This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487019: Windows Server 2008 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0664"], "modified": "2022-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487019.NASL", "href": "https://www.tenable.com/plugins/nessus/122123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122123);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0664\"\n );\n script_xref(name:\"MSKB\", value:\"4487023\");\n script_xref(name:\"MSKB\", value:\"4487019\");\n script_xref(name:\"MSFT\", value:\"MS19-4487023\");\n script_xref(name:\"MSFT\", value:\"MS19-4487019\");\n\n script_name(english:\"KB4487019: Windows Server 2008 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487019\nor cumulative update 4487023. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. 
(CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. 
(CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. 
(CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\");\n # https://support.microsoft.com/en-us/help/4487023/windows-server-2008-update-kb4487023\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68a182bd\");\n # https://support.microsoft.com/en-us/help/4487019/windows-server-2008-update-kb4487019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e07d6a61\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4487019 or Cumulative Update KB4487023.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487019', '4487023');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487019, 4487023])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:29", "description": "The remote Windows host is missing security update 4486564 or cumulative update 4486563. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. 
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim's system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. 
The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. 
The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4486563.NASL", "href": "https://www.tenable.com/plugins/nessus/122118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The 
descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122118);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0606\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0664\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4486564\");\n script_xref(name:\"MSKB\", value:\"4486563\");\n script_xref(name:\"MSFT\", value:\"MS19-4486564\");\n script_xref(name:\"MSFT\", value:\"MS19-4486563\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4486564\nor cumulative update 4486563. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. 
An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. 
(CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. 
An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. 
An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4486564/windows-7-update-kb4486564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2c21cca\");\n # https://support.microsoft.com/en-us/help/4486563/windows-7-update-kb4486563\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf04f83f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4486564 or Cumulative Update KB4486563.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4486564', '4486563');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4486564, 4486563])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:11", "description": "The remote Windows host is missing security update 4486993 or cumulative update 4487025. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 
If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. 
(CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim's system. (CVE-2019-0600, CVE-2019-0601)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4486993: Windows Server 2012 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", 
"CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487025.NASL", "href": "https://www.tenable.com/plugins/nessus/122125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122125);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0664\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4486993\");\n script_xref(name:\"MSKB\", value:\"4487025\");\n script_xref(name:\"MSFT\", value:\"MS19-4486993\");\n script_xref(name:\"MSFT\", value:\"MS19-4487025\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4486993: Windows Server 2012 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4486993\nor cumulative update 4487025. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. 
This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. 
An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4486993/windows-server-2012-update-kb4486993\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?067a0516\");\n # https://support.microsoft.com/en-us/help/4487025/windows-server-2012-update-kb4487025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2ede4e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4486993 or Cumulative Update KB4487025.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4486993', '4487025');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif 
(!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4486993, 4487025])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-05T16:27:15", "description": "This host is missing a critical security\n update according to Microsoft KB4486563", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4486563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0595", "CVE-2019-0660", "CVE-2019-0597", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0654", "CVE-2019-0661", "CVE-2019-0616", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0615", "CVE-2019-0664", "CVE-2019-0623", "CVE-2019-0635"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814686", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814686\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\",\n \"CVE-2019-0606\", \"CVE-2019-0615\", \"CVE-2019-0616\", \"CVE-2019-0618\",\n \"CVE-2019-0619\", \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0625\",\n \"CVE-2019-0626\", \"CVE-2019-0628\", \"CVE-2019-0630\", \"CVE-2019-0635\",\n \"CVE-2019-0636\", \"CVE-2019-0654\", \"CVE-2019-0660\", \"CVE-2019-0661\",\n \"CVE-2019-0662\", \"CVE-2019-0664\", \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 10:33:26 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4486563)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4486563\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Human Interface Devices (HID) component improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its 
memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Win32k component fails to properly handle objects in memory.\n\n - DHCP servers fails to properly handle network packets.\n\n - Microsoft Server Message Block 2.0 (SMBv2) server improperly handles\n specially crafted requests.\n\n - Windows Hyper-V on a host operating system fails to properly validate input\n from an authenticated user on a guest operating system.\n\n - Microsoft browsers improperly handles specific redirects.\n\n - Internet Explorer improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information\n to further compromise the user's system, gain elevated privileges and\n conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4486563\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Ntoskrnl.exe\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24354\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Ntoskrnl.exe\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24354\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:01:57", "description": "### *Detect date*:\n02/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nMicrosoft Office 2019 for 64-bit editions \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nOffice 365 ProPlus for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Office 2016 (32-bit edition) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for 32-bit editions \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 
Server, version 1709 (Server Core Installation) \nWindows 10 Version 1809 for x64-based Systems \nMicrosoft Office 2016 (64-bit edition) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0630](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0630>) \n[CVE-2019-0618](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0618>) \n[CVE-2019-0619](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0619>) \n[CVE-2019-0635](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0635>) \n[CVE-2019-0636](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0636>) \n[CVE-2019-0674](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0674>) \n[CVE-2019-0616](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0616>) \n[CVE-2019-0671](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0671>) \n[CVE-2019-0615](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0615>) \n[CVE-2019-0599](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0599>) \n[CVE-2019-0598](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0598>) \n[CVE-2019-0595](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0595>) \n[CVE-2019-0597](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0597>) 
\n[CVE-2019-0596](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0596>) \n[CVE-2019-0626](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0626>) \n[CVE-2019-0625](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0625>) \n[CVE-2019-0623](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0623>) \n[CVE-2019-0621](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0621>) \n[CVE-2019-0601](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0601>) \n[CVE-2019-0600](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0600>) \n[CVE-2019-0602](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0602>) \n[CVE-2019-0628](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0628>) \n[CVE-2019-0663](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0663>) \n[CVE-2019-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0662>) \n[CVE-2019-0661](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0661>) \n[CVE-2019-0660](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0660>) \n[CVE-2019-0664](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0664>) \n[CVE-2019-0673](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0673>) \n[ADV190006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2019-0673](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0673>)9.3Critical \n[CVE-2019-0674](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0674>)9.3Critical 
\n[CVE-2019-0671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0671>)9.3Critical \n[CVE-2019-0636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0636>)2.1Warning \n[CVE-2019-0623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0623>)7.2High \n[CVE-2019-0661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0661>)2.1Warning \n[CVE-2019-0599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0599>)9.3Critical \n[CVE-2019-0595](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0595>)9.3Critical \n[CVE-2019-0664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0664>)4.3Warning \n[CVE-2019-0615](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0615>)4.3Warning \n[CVE-2019-0600](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0600>)1.9Warning \n[CVE-2019-0619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0619>)4.3Warning \n[CVE-2019-0660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0660>)4.3Warning \n[CVE-2019-0616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0616>)4.3Warning \n[CVE-2019-0626](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0626>)7.5Critical \n[CVE-2019-0618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0618>)9.3Critical \n[CVE-2019-0625](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0625>)9.3Critical \n[CVE-2019-0628](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0628>)2.1Warning \n[CVE-2019-0602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0602>)4.3Warning \n[CVE-2019-0601](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0601>)1.9Warning \n[CVE-2019-0621](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0621>)2.1Warning \n[CVE-2019-0635](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0635>)5.5High \n[CVE-2019-0597](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0597>)9.3Critical 
\n[CVE-2019-0596](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0596>)9.3Critical \n[CVE-2019-0630](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630>)9.0Critical \n[CVE-2019-0598](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0598>)9.3Critical \n[CVE-2019-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0662>)9.3Critical \n[CVE-2019-0663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0663>)2.1Warning\n\n### *KB list*:\n[4486563](<http://support.microsoft.com/kb/4486563>) \n[4487023](<http://support.microsoft.com/kb/4487023>) \n[4486564](<http://support.microsoft.com/kb/4486564>) \n[4487019](<http://support.microsoft.com/kb/4487019>) \n[4489878](<http://support.microsoft.com/kb/4489878>) \n[4489885](<http://support.microsoft.com/kb/4489885>) \n[4489880](<http://support.microsoft.com/kb/4489880>) \n[4489876](<http://support.microsoft.com/kb/4489876>) \n[4493472](<http://support.microsoft.com/kb/4493472>) \n[4493471](<http://support.microsoft.com/kb/4493471>) \n[4493458](<http://support.microsoft.com/kb/4493458>) \n[4493448](<http://support.microsoft.com/kb/4493448>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "kaspersky", "title": "KLA11879 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0671", "CVE-2019-0673", "CVE-2019-0674"], "modified": "2020-07-22T00:00:00", "id": "KLA11879", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11879/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:10:32", "description": "### *Detect date*:\n02/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions.\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1709 for 64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server 2016 (Server Core installation) \nWindows Server 2019 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1709 (Server Core Installation) \nWindows Server, version 1803 (Server Core 
Installation)\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0636>) \n[CVE-2019-0623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623>) \n[CVE-2019-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0661>) \n[CVE-2019-0599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0599>) \n[CVE-2019-0595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0595>) \n[CVE-2019-0664](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0664>) \n[CVE-2019-0615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0615>) \n[CVE-2019-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0659>) \n[CVE-2019-0600](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0600>) \n[CVE-2019-0619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0619>) \n[CVE-2019-0627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627>) \n[CVE-2019-0631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631>) \n[CVE-2019-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0660>) \n[CVE-2019-0616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0616>) \n[CVE-2019-0656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0656>) \n[CVE-2019-0626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626>) \n[CVE-2019-0633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633>) 
\n[CVE-2019-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0618>) \n[CVE-2019-0625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625>) \n[CVE-2019-0628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0628>) \n[CVE-2019-0602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602>) \n[CVE-2019-0601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0601>) \n[CVE-2019-0637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0637>) \n[CVE-2019-0621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0621>) \n[CVE-2019-0635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0635>) \n[CVE-2019-0597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0597>) \n[CVE-2019-0596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0596>) \n[CVE-2019-0632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632>) \n[CVE-2019-0630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630>) \n[CVE-2019-0598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0598>) \n[CVE-2019-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662>) \n[ADV190006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006>) \n[CVE-2019-0663](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663>) \n[CVE-2019-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673>) \n[CVE-2019-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0671>) \n[CVE-2019-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0674>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft 
Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-0673](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0673>)9.3Critical \n[CVE-2019-0674](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0674>)9.3Critical \n[CVE-2019-0671](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0671>)9.3Critical \n[CVE-2019-0636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0636>)2.1Warning \n[CVE-2019-0623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0623>)7.2High \n[CVE-2019-0661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0661>)2.1Warning \n[CVE-2019-0599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0599>)9.3Critical \n[CVE-2019-0595](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0595>)9.3Critical \n[CVE-2019-0664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0664>)4.3Warning \n[CVE-2019-0615](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0615>)4.3Warning \n[CVE-2019-0659](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0659>)4.4Warning \n[CVE-2019-0600](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0600>)1.9Warning \n[CVE-2019-0619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0619>)4.3Warning \n[CVE-2019-0627](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0627>)4.6Warning \n[CVE-2019-0631](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0631>)4.6Warning \n[CVE-2019-0660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0660>)4.3Warning \n[CVE-2019-0616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0616>)4.3Warning \n[CVE-2019-0656](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0656>)6.9High \n[CVE-2019-0626](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0626>)7.5Critical \n[CVE-2019-0633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0633>)9.0Critical 
\n[CVE-2019-0618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0618>)9.3Critical \n[CVE-2019-0625](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0625>)9.3Critical \n[CVE-2019-0628](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0628>)2.1Warning \n[CVE-2019-0602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0602>)4.3Warning \n[CVE-2019-0601](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0601>)1.9Warning \n[CVE-2019-0637](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0637>)5.0Critical \n[CVE-2019-0621](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0621>)2.1Warning \n[CVE-2019-0635](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0635>)5.5High \n[CVE-2019-0597](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0597>)9.3Critical \n[CVE-2019-0596](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0596>)9.3Critical \n[CVE-2019-0632](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0632>)4.6Warning \n[CVE-2019-0630](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0630>)9.0Critical \n[CVE-2019-0598](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0598>)9.3Critical \n[CVE-2019-0662](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0662>)9.3Critical \n[CVE-2019-0663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0663>)2.1Warning\n\n### *KB list*:\n[4487020](<http://support.microsoft.com/kb/4487020>) \n[4487017](<http://support.microsoft.com/kb/4487017>) \n[4486996](<http://support.microsoft.com/kb/4486996>) \n[4487026](<http://support.microsoft.com/kb/4487026>) \n[4487025](<http://support.microsoft.com/kb/4487025>) \n[4487044](<http://support.microsoft.com/kb/4487044>) \n[4487018](<http://support.microsoft.com/kb/4487018>) \n[4487028](<http://support.microsoft.com/kb/4487028>) \n[4487000](<http://support.microsoft.com/kb/4487000>) \n[4486993](<http://support.microsoft.com/kb/4486993>) 
\n[4489881](<http://support.microsoft.com/kb/4489881>) \n[4489891](<http://support.microsoft.com/kb/4489891>) \n[4489883](<http://support.microsoft.com/kb/4489883>) \n[4489886](<http://support.microsoft.com/kb/4489886>) \n[4489899](<http://support.microsoft.com/kb/4489899>) \n[4489871](<http://support.microsoft.com/kb/4489871>) \n[4489868](<http://support.microsoft.com/kb/4489868>) \n[4489872](<http://support.microsoft.com/kb/4489872>) \n[4489884](<http://support.microsoft.com/kb/4489884>) \n[4489882](<http://support.microsoft.com/kb/4489882>) \n[4493441](<http://support.microsoft.com/kb/4493441>) \n[4493474](<http://support.microsoft.com/kb/4493474>) \n[4493464](<http://support.microsoft.com/kb/4493464>) \n[4493509](<http://support.microsoft.com/kb/4493509>) \n[4493470](<http://support.microsoft.com/kb/4493470>) \n[4493475](<http://support.microsoft.com/kb/4493475>) \n[4493451](<http://support.microsoft.com/kb/4493451>) \n[4493467](<http://support.microsoft.com/kb/4493467>) \n[4493446](<http://support.microsoft.com/kb/4493446>) \n[4493450](<http://support.microsoft.com/kb/4493450>)\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. 
[More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "kaspersky", "title": "KLA11418 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0656", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0671", "CVE-2019-0673", "CVE-2019-0674"], "modified": "2020-07-22T00:00:00", "id": "KLA11418", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11418/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-03-07T08:34:06", 
"description": "[](<http://2.bp.blogspot.com/-C9ApwGTNu7M/XGLvRFSNSsI/AAAAAAAAFT4/OR6BvUFDD30mBvNZE70PUde_GycCBeNlACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated \u201ccritical,\u201d 46 that are considered \u201cimportant\u201d and three that are \u201cmoderate.\u201d This release also includes a critical security advisory regarding a security update to Adobe Flash Player \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Chakra Scripting Engine and the Internet Explorer and Exchange web browsers. For coverage of these vulnerabilities, read the SNORT\u24c7 blog post [here](<https://blog.snort.org/2019/02/snort-rule-update-for-feb-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 20 critical vulnerabilities this month, 12 of which we will highlight below. 
\n \n[CVE-2019-0590](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0590>), [CVE-2019-0591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0591>), [CVE-2019-0593](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0593>), [CVE-2019-0640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0640>), [CVE-2019-0642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0642>), [CVE-2019-0644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0644>), [CVE-2019-0651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0651>), [CVE-2019-0652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0652>) and [CVE-2019-0655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0655>) are all memory corruption vulnerabilities in the Microsoft scripting engine. The bugs all lie in the way the engine processes objects in memory in the Microsoft Edge web browser. An attacker could exploit any of these vulnerabilities to corrupt the machine\u2019s memory, eventually allowing them to execute code remotely in the context of the current user. A user could trigger one of these bugs by either visiting a malicious web page while using Edge, or by accessing specially crafted content created by the attacker. \n \n[CVE-2019-0606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0606>) is a memory corruption vulnerability in Microsoft Internet Explorer. The problem lies in the way the web browser accesses objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a specially crafted website or viewing user-created content in Internet Explorer. Once the bug is triggered, the attacker could gain the ability to execute code remotely in the context of the current user. 
\n \n[CVE-2019-0645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0645>) and [CVE-2019-0650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0650>) are memory corruption vulnerabilities that exist in Microsoft Edge when the web browser fails to properly handle objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a maliciously crafted website in Edge, or clicking on specially crafted content. An attacker could use this bug to gain the ability to execute arbitrary code in the context of the current user. \n \nThese are the other critical vulnerabilities: \n \n\n\n * [CVE-2019-0594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594>)\n * [CVE-2019-0604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604>)\n * [CVE-2019-0605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0605>)\n * [CVE-2019-0607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0607>)\n * [CVE-2019-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0618>)\n * [CVE-2019-0626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626>)\n * [CVE-2019-0634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0634>)\n * [CVE-2019-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662>)\n \n\n\n### Important vulnerabilities\n\nThis release also contains 46 important vulnerabilities: \n \n\n\n * [CVE-2019-0540](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540>)\n * [CVE-2019-0595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0595>)\n * [CVE-2019-0596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0596>)\n * 
[CVE-2019-0597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0597>)\n * [CVE-2019-0598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0598>)\n * [CVE-2019-0599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0599>)\n * [CVE-2019-0600](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0600>)\n * [CVE-2019-0601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0601>)\n * [CVE-2019-0602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602>)\n * [CVE-2019-0610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0610>)\n * [CVE-2019-0613](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613>)\n * [CVE-2019-0615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0615>)\n * [CVE-2019-0616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0616>)\n * [CVE-2019-0619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0619>)\n * [CVE-2019-0623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623>)\n * [CVE-2019-0625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625>)\n * [CVE-2019-0627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627>)\n * [CVE-2019-0628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0628>)\n * [CVE-2019-0630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630>)\n * [CVE-2019-0631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631>)\n * [CVE-2019-0632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632>)\n * [CVE-2019-0633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633>)\n * 
[CVE-2019-0635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0635>)\n * [CVE-2019-0636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0636>)\n * [CVE-2019-0637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0637>)\n * [CVE-2019-0648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0648>)\n * [CVE-2019-0649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649>)\n * [CVE-2019-0654](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0654>)\n * [CVE-2019-0656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0656>)\n * [CVE-2019-0657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657>)\n * [CVE-2019-0658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658>)\n * [CVE-2019-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0659>)\n * [CVE-2019-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0660>)\n * [CVE-2019-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0661>)\n * [CVE-2019-0664](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0664>)\n * [CVE-2019-0668](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0668>)\n * [CVE-2019-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0671>)\n * [CVE-2019-0672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0672>)\n * [CVE-2019-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673>)\n * [CVE-2019-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0674>)\n * [CVE-2019-0675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0675>)\n * 
[CVE-2019-0676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676>)\n * [CVE-2019-0686](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686>)\n * [CVE-2019-0728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0728>)\n\n### Moderate\n\nThere were also three moderate vulnerabilities in this release: [CVE-2019-0641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0641>), [CVE-2019-0643](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0643>) and [CVE-2019-0670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670>). \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. 
\n \nSnort rules: [49128 - 49170](<https://snort.org/advisories/talos-rules-2019-02-12>) \n\n\n \n\n\n", "cvss3": {}, "published": "2019-02-12T11:55:00", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 February 2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0540", "CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0594", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0604", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0607", "CVE-2019-0610", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0634", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0640", "CVE-2019-0641", "CVE-2019-0642", "CVE-2019-0643", "CVE-2019-0644", "CVE-2019-0645", "CVE-2019-0648", "CVE-2019-0649", "CVE-2019-0650", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0658", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0664", "CVE-2019-0668", "CVE-2019-0670", "CVE-2019-0671", "CVE-2019-0672", "CVE-2019-0673", "CVE-2019-0674", "CVE-2019-0675", "CVE-2019-0676", "CVE-2019-0686", "CVE-2019-0728"], "modified": "2019-02-12T19:55:00", "id": "TALOSBLOG:AB5E63755953149993334997F5123794", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/YjaBeKVxw9M/microsoft-patch-tuesday-february-2019.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}