{"id": "MS:CVE-2019-0731", "vendorId": null, "type": "mscve", "bulletinFamily": "microsoft", "title": "Windows Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.\n\nThe update addresses the vulnerability by correcting how Windows handles calls to LUAFV.\n", "published": "2019-04-09T07:00:00", "modified": "2019-04-09T07:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0731", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2019-0731"], "immutableFields": [], "lastseen": "2021-12-06T18:25:16", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-0440"]}, {"type": "cve", "idList": ["CVE-2019-0731"]}, {"type": "kaspersky", "idList": ["KLA11460", "KLA11875"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_APR_4493441.NASL", "SMB_NT_MS19_APR_4493446.NASL", "SMB_NT_MS19_APR_4493451.NASL", "SMB_NT_MS19_APR_4493464.NASL", "SMB_NT_MS19_APR_4493470.NASL", "SMB_NT_MS19_APR_4493471.NASL", "SMB_NT_MS19_APR_4493472.NASL", "SMB_NT_MS19_APR_4493474.NASL", "SMB_NT_MS19_APR_4493475.NASL", "SMB_NT_MS19_APR_4493509.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815019", "OPENVAS:1361412562310815020", "OPENVAS:1361412562310815021", "OPENVAS:1361412562310815022", "OPENVAS:1361412562310815023", "OPENVAS:1361412562310815024", "OPENVAS:1361412562310815033", "OPENVAS:1361412562310815034", "OPENVAS:1361412562310815036"]}, {"type": "symantec", "idList": ["SMNTC-107710"]}, {"type": "talosblog", "idList": ["TALOSBLOG:C41259322CA5338694B85978B0EA6FA5"]}, {"type": "zdt", "idList": ["1337DAY-ID-32556"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-0440"]}, {"type": "cisa", "idList": ["CISA:574A6E25827684C587359C37EF1D5132"]}, {"type": "cve", "idList": ["CVE-2019-0731"]}, {"type": "kaspersky", "idList": ["KLA11460", "KLA11875"]}, {"type": "mskb", "idList": ["KB4489880", "KB4493448", "KB4493509"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_APR_4493471.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815019", "OPENVAS:1361412562310815020", "OPENVAS:1361412562310815021", "OPENVAS:1361412562310815022", "OPENVAS:1361412562310815023", "OPENVAS:1361412562310815024", "OPENVAS:1361412562310815033", "OPENVAS:1361412562310815034", "OPENVAS:1361412562310815036"]}, {"type": "symantec", "idList": ["SMNTC-107710"]}, {"type": "talosblog", "idList": ["TALOSBLOG:C41259322CA5338694B85978B0EA6FA5"]}, {"type": "threatpost", "idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"]}, {"type": "zdt", "idList": ["1337DAY-ID-32556"]}]}, "exploitation": null, "vulnersScore": 5.2}, "kbList": ["KB4489886", "KB4493458", "KB4493441", "KB4493474", "KB4489878", "KB4493472", "KB4493464", "KB4489881", "KB4489868", "KB4493448", "KB4493451", "KB4493450", "KB4489871", "KB4489882", "KB4493470", "KB4489891", "KB4489872", "KB4493471", "KB4493509", "KB4493467", "KB4493446", "KB4493475", "KB4489899", "KB4489880"], "msrc": "", "mscve": "CVE-2019-0731", "msAffectedSoftware": [{"name": "Windows Server 2012 R2 (Server Core installation)", "kbSupersedence": "KB4489881", "kb": "KB4493446", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012 R2 (Server Core installation)", "kbSupersedence": "", "kb": "KB4493467", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012 R2", "kbSupersedence": "KB4489881", "kb": "KB4493446", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012 R2", "kbSupersedence": "", "kb": "KB4493467", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012 (Server Core installation)", "kbSupersedence": "KB4489891", "kb": "KB4493451", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012 (Server Core installation)", "kbSupersedence": "", "kb": "KB4493450", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012", "kbSupersedence": "KB4489891", "kb": "KB4493451", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2012", "kbSupersedence": "", "kb": "KB4493450", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "kbSupersedence": "KB4489878", "kb": "KB4493472", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "kbSupersedence": "", "kb": "KB4493448", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "kbSupersedence": "KB4489878", "kb": "KB4493472", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "kbSupersedence": "", "kb": "KB4493448", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", "kbSupersedence": "KB4489878", "kb": "KB4493472", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", "kbSupersedence": "", "kb": "KB4493448", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "kbSupersedence": "KB4489880", "kb": "KB4493471", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", "kbSupersedence": "", "kb": "KB4493458", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for x64-based Systems Service Pack 2", "kbSupersedence": "KB4489880", "kb": "KB4493471", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for x64-based Systems Service Pack 2", "kbSupersedence": "", "kb": "KB4493458", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for Itanium-Based Systems Service Pack 2", "kbSupersedence": "KB4489880", "kb": "KB4493471", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for Itanium-Based Systems Service Pack 2", "kbSupersedence": "", "kb": "KB4493458", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "kbSupersedence": "KB4489880", "kb": "KB4493471", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "kbSupersedence": "", "kb": "KB4493458", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for 32-bit Systems Service Pack 2", "kbSupersedence": "KB4489880", "kb": "KB4493471", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2008 for 32-bit Systems Service Pack 2", "kbSupersedence": "", "kb": "KB4493458", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows RT 8.1", "kbSupersedence": "KB4489881", "kb": "KB4493446", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 8.1 for x64-based systems", "kbSupersedence": "KB4489881", "kb": "KB4493446", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 8.1 for x64-based systems", "kbSupersedence": "", "kb": "KB4493467", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 8.1 for 32-bit systems", "kbSupersedence": "KB4489881", "kb": "KB4493446", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 8.1 for 32-bit systems", "kbSupersedence": "", "kb": "KB4493467", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 7 for x64-based Systems Service Pack 1", "kbSupersedence": "KB4489878", "kb": "KB4493472", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 7 for x64-based Systems Service Pack 1", "kbSupersedence": "", "kb": "KB4493448", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 7 for 32-bit Systems Service Pack 1", "kbSupersedence": "KB4489878", "kb": "KB4493472", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 7 for 32-bit Systems Service Pack 1", "kbSupersedence": "", "kb": "KB4493448", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2016 (Server Core installation)", "kbSupersedence": "KB4489882", "kb": "KB4493470", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2016", "kbSupersedence": "KB4489882", "kb": "KB4493470", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1607 for x64-based Systems", "kbSupersedence": "KB4489882", "kb": "KB4493470", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1607 for 32-bit Systems", "kbSupersedence": "KB4489882", "kb": "KB4493470", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 for x64-based Systems", "kbSupersedence": "KB4489872", "kb": "KB4493475", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 for 32-bit Systems", "kbSupersedence": "KB4489872", "kb": "KB4493475", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server, version 1709 (Server Core Installation)", "kbSupersedence": "KB4489886", "kb": "KB4493441", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1709 for ARM64-based Systems", "kbSupersedence": "KB4489886", "kb": "KB4493441", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1709 for x64-based Systems", "kbSupersedence": "KB4489886", "kb": "KB4493441", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1709 for 32-bit Systems", "kbSupersedence": "KB4489886", "kb": "KB4493441", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2019 (Server Core installation)", "kbSupersedence": "KB4489899", "kb": "KB4493509", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server 2019", "kbSupersedence": "KB4489899", "kb": "KB4493509", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1809 for ARM64-based Systems", "kbSupersedence": "KB4489899", "kb": "KB4493509", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1809 for x64-based Systems", "kbSupersedence": "KB4489899", "kb": "KB4493509", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1809 for 32-bit Systems", "kbSupersedence": "KB4489899", "kb": "KB4493509", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1803 for ARM64-based Systems", "kbSupersedence": "KB4489868", "kb": "KB4493464", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows Server, version 1803 (Server Core Installation)", "kbSupersedence": "KB4489868", "kb": "KB4493464", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1803 for x64-based Systems", "kbSupersedence": "KB4489868", "kb": "KB4493464", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1803 for 32-bit Systems", "kbSupersedence": "KB4489868", "kb": "KB4493464", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1703 for x64-based Systems", "kbSupersedence": "KB4489871", "kb": "KB4493474", "msplatform": "", "version": "", "operator": ""}, {"name": "Windows 10 Version 1703 for 32-bit Systems", "kbSupersedence": "KB4489871", "kb": "KB4493474", "msplatform": "", "version": "", "operator": ""}], "vendorCvss": {"baseScore": "6.8", "temporalScore": "6.1", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "_state": {"dependencies": 1647589307, "score": 0}}

{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:22:31", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows LUAFV Elevation of Privilege (CVE-2019-0731)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0731"], "modified": "2019-04-09T00:00:00", "id": "CPAI-2019-0440", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2019-04-17T19:39:24", "description": "Exploit for windows platform in category local exploits", "cvss3": {}, "published": "2019-04-16T00:00:00", "type": "zdt", "title": "Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2019-0731"], "modified": "2019-04-16T00:00:00", "id": "1337DAY-ID-32556", "href": "https://0day.today/exploit/description/32556", "sourceData": "Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP\r\nPlatform: Windows 10 1809 (not tested earlier)\r\nClass: Elevation of Privilege\r\nSecurity Boundary (per Windows Security Service Criteria): User boundary\r\n\r\nSummary: \r\n\r\nThe LUAFV driver doesn\u2019t take into account a virtualized handle being duplicated to a more privileged process resulting in EoP.\r\n\r\nDescription:\r\n\r\nWhen a caller creates the virtualized file handle the process token is checked for VirtualizationEnabled. If the flag is set and the file create request meets all the criteria for delayed virtualization the driver collates all the necessary information such as the virtual store location for the resulting file if it needs to be copied and stores it in the file object\u2019s context.\r\n\r\nWhen a caller performs an operation on the file which is considered a write action, such as writing or issuing any FsControl request then the method LuafvPreWrite is called which will call LuafvPerformDelayedVirtualization. This results in the store file being created and the contents of the original file copied into the new store file before assigning the new file to the original \u201cfake\u201d file object so that the user can continue to use the file.\r\n\r\nThe vulnerability occurs during LuafvPerformDelayedVirtualization. The driver doesn\u2019t take into account the possibility that the virtualized file handle has been duplicated to a new process, specifically one which runs at higher privileges. For example if a normal user application creates the virtualized file, but then gets a SYSTEM service to duplicate the handle to itself and call one of the mechanisms to trigger LuafvPerformDelayedVirtualization the file creation will run as the SYSTEM user not the original user, but the path to the file will be the original user\u2019s virtual store.\r\n\r\nExamples of possible duplicate primitives would be RPC/COM services which duplicate the handle either explicitly through the system_handle RPC attribute or manually by querying for the caller\u2019s PID and calling DuplicateHandle. Another would be a kernel driver which opens a handle in the current user\u2019s context (or takes a handle parameter) but passes that handle to a system thread for a long running operation. In both these cases the file operation does have to occur without the privileged service impersonating the original caller.\r\n\r\nYou can exploit this behavior in at least two ways. Firstly you could replace the virtual store directory with a mount point. When the virtualization process goes to create the final file it will follow the mount point and create the file in an arbitrary location. The contents of the file are completely controllable by the caller, but even if the privileged code overwrites part of the file the original opened handle can be used to get write access to the file afterwards. The second way would be to drop a hardlink to a file that the privileged service can write to in the virtual store, then when the file is opened by the service it becomes possible for the original caller to modify the file.\r\n\r\nFixing wise I\u2019d probably double check something in LuafvPerformDelayedVirtualization before continuing with the file copy. Perhaps something as simple as user SID + IL would be sufficient, or only for users in the same authentication session as that would even prevent its abuse in UAC cases.\r\n\r\nThese operations can\u2019t be done from any sandbox that I know of so it\u2019s only a user privilege escalation. Note that the user which manipulates the duplicated handle doesn\u2019t need to be an admin, as it\u2019d be possible to modify files owned by that user so it might be possible to abuse this for cross-session or LOCAL SERVICE/NETWORK SERVICE attacks.\r\n\r\nProof of Concept:\r\n\r\nI\u2019ve provided a PoC as a C# project. It will create the file dummy.txt with arbitrary contents inside the windows folder. Note that this PoC is manual, I\u2019ve not gone through and worked out a system service which will perform the necessary operations but I\u2019m confident one will exist as handle duplication is a fairly common technique and you don\u2019t even need to write to the file just perform one of the known actions.\r\n\r\n1) Compile the C# project. It\u2019ll need to pull NtApiDotNet from NuGet to build.\r\n2) As a normal user run the PoC. If there are no errors you should see the line: \u201cRe-run the PoC as an admin with arguments - X Y\u201d.\r\n3) Run as the PoC again as an admin, passing X and Y as arguments from step 2. This admin can be SYSTEM, it doesn\u2019t matter what session or user it runs as.\r\n\r\nExpected Result:\r\nThe virtualization operation fails.\r\n\r\nObserved Result:\r\nThe virtualization operation succeeds and the file c:\\windows\\dummy.txt is created with arbitrary contents.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46714.zip\n\n# 0day.today [2019-04-17] #", "sourceHref": "https://0day.today/exploit/32556", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "symantec": [{"lastseen": "2021-06-08T19:05:47", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges on the system. Failed exploit attempts may result in a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "symantec", "title": "Microsoft Windows LUAFV Driver CVE-2019-0731 Local Privilege Escalation Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-0731"], "modified": "2019-04-09T00:00:00", "id": "SMNTC-107710", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107710", "cvss": {"score": 0.0, "vector": "NONE"}}], "attackerkb": [{"lastseen": "2022-04-17T02:33:04", "description": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u2018Windows Elevation of Privilege Vulnerability\u2019. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-30T00:00:00", "type": "attackerkb", "title": "CVE-2019-0841", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2019-10-30T00:00:00", "id": "AKB:3154D471-608C-4921-9FBA-506AFF5270DC", "href": "https://attackerkb.com/topics/6IKP7akOvU/cve-2019-0841", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:56:11", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0805", "cwe": ["CWE-345"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0805", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0805", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:55:48", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0796", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2019-05-08T22:11:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0796", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0796", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:57:15", "description": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0841", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2019-0841", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0841", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:57:09", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0836", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0836", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0836", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:54:50", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0731", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2019-05-08T22:11:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0731", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:54:50", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-09T21:29:00", "type": "cve", "title": "CVE-2019-0730", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0796", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0841"], "modified": "2019-05-08T22:11:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-"], "id": "CVE-2019-0730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0730", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-05-04T15:33:56", "description": "The remote Windows host is missing security update 4493458 or cumulative update 4493471. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493458: Windows Server 2008 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0764", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493471.NASL", "href": "https://www.tenable.com/plugins/nessus/123944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123944);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0764\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493458\");\n script_xref(name:\"MSKB\", value:\"4493471\");\n script_xref(name:\"MSFT\", value:\"MS19-4493458\");\n script_xref(name:\"MSFT\", value:\"MS19-4493471\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4493458: Windows Server 2008 April 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493458\nor cumulative update 4493471. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0791,\n CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493458/windows-server-2008-update-kb4493458\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1226b4be\");\n # https://support.microsoft.com/en-us/help/4493471/windows-server-2008-update-kb4493471\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78333a24\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4493458 or Cumulative Update KB4493471.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493458', '4493471');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493458, 4493471])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:32:20", "description": "The remote Windows host is missing security update 4493448 or cumulative update 4493472. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493448: Windows 7 and Windows Server 2008 R2 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493472.NASL", "href": "https://www.tenable.com/plugins/nessus/123945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123945);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493472\");\n script_xref(name:\"MSKB\", value:\"4493448\");\n script_xref(name:\"MSFT\", value:\"MS19-4493472\");\n script_xref(name:\"MSFT\", value:\"MS19-4493448\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n\n script_name(english:\"KB4493448: Windows 7 and Windows Server 2008 R2 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493448\nor cumulative update 4493472. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0791,\n CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6116930e\");\n # https://support.microsoft.com/en-us/help/4493448/windows-7-update-kb4493448\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d5c746a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4493448 or Cumulative Update KB4493472.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493448', '4493472');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493448, 4493472])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:33:08", "description": "The remote Windows host is missing security update 4493450 or cumulative update 4493451. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493450: Windows Server 2012 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493451.NASL", "href": "https://www.tenable.com/plugins/nessus/123941", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123941);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493450\");\n script_xref(name:\"MSKB\", value:\"4493451\");\n script_xref(name:\"MSFT\", value:\"MS19-4493450\");\n script_xref(name:\"MSFT\", value:\"MS19-4493451\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n\n script_name(english:\"KB4493450: Windows Server 2012 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493450\nor cumulative update 4493451. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493450/windows-server-2012-update-kb4493450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6bb344b\");\n # https://support.microsoft.com/en-us/help/4493451/windows-server-2012-update-kb4493451\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b9c0466\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4493450 or Cumulative Update KB4493451.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493450', '4493451');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493450, 4493451])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:33:08", "description": "The remote Windows host is missing security update 4493467 or cumulative update 4493446. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493467: Windows 8.1 and Windows Server 2012 R2 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493446.NASL", "href": "https://www.tenable.com/plugins/nessus/123940", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123940);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493446\");\n script_xref(name:\"MSKB\", value:\"4493467\");\n script_xref(name:\"MSFT\", value:\"MS19-4493446\");\n script_xref(name:\"MSFT\", value:\"MS19-4493467\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n\n script_name(english:\"KB4493467: Windows 8.1 and Windows Server 2012 R2 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493467\nor cumulative update 4493446. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60dedb61\");\n # https://support.microsoft.com/en-us/help/4493467/windows-8-1-update-kb4493467\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c9ecc3f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4493467 or Cumulative Update KB4493446.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493467', '4493446');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493467, 4493446])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-21T15:41:43", "description": "The remote Windows host is missing security update 4493464.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-0841)\n\n - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2019-0786)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0840, CVE-2019-0844)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0685, CVE-2019-0803, CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493464: Windows 10 Version 1803 and Windows Server Version 1803 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0786", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0814", "CVE-2019-0836", "CVE-2019-0837", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0840", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-05-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493464.NASL", "href": "https://www.tenable.com/plugins/nessus/123942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123942);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2019-0685\",\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0786\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0814\",\n \"CVE-2019-0836\",\n \"CVE-2019-0837\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0840\",\n \"CVE-2019-0841\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493464\");\n script_xref(name:\"MSFT\", value:\"MS19-4493464\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4493464: Windows 10 Version 1803 and Windows Server Version 1803 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493464.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-0841)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Server Message Block (SMB) Server when an\n attacker with valid credentials attempts to open a\n specially crafted file over the SMB protocol on the same\n machine. An attacker who successfully exploited this\n vulnerability could bypass certain security checks in\n the operating system. (CVE-2019-0786)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0840, CVE-2019-0844)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0685, CVE-2019-0803,\n CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e3ea96dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493464.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AppXSvc Hard Link Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493464');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493464])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-21T15:43:31", "description": "The remote Windows host is missing security update 4493441.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-0841)\n\n - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2019-0786)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0840, CVE-2019-0844)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0685, CVE-2019-0803, CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493441: Windows 10 Version 1709 and Windows Server Version 1709 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0786", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0814", "CVE-2019-0836", "CVE-2019-0837", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0840", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-05-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_APR_4493441.NASL", "href": "https://www.tenable.com/plugins/nessus/123939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123939);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2019-0685\",\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0786\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0814\",\n \"CVE-2019-0836\",\n \"CVE-2019-0837\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0840\",\n \"CVE-2019-0841\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493441\");\n script_xref(name:\"MSFT\", value:\"MS19-4493441\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4493441: Windows 10 Version 1709 and Windows Server Version 1709 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493441.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-0841)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Server Message Block (SMB) Server when an\n attacker with valid credentials attempts to open a\n specially crafted file over the SMB protocol on the same\n machine. An attacker who successfully exploited this\n vulnerability could bypass certain security checks in\n the operating system. (CVE-2019-0786)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0840, CVE-2019-0844)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0685, CVE-2019-0803,\n CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\");\n # https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61049c0e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493441.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AppXSvc Hard Link Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493441');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493441])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:34:07", "description": "The remote Windows host is missing security update 4493475.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0848)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493475: Windows 10 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0739", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0806", "CVE-2019-0810", "CVE-2019-0812", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0860", "CVE-2019-0861", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_APR_4493475.NASL", "href": "https://www.tenable.com/plugins/nessus/123947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123947);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0739\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0806\",\n \"CVE-2019-0810\",\n \"CVE-2019-0812\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0860\",\n \"CVE-2019-0861\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493475\");\n script_xref(name:\"MSFT\", value:\"MS19-4493475\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n\n script_name(english:\"KB4493475: Windows 10 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493475.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0803, CVE-2019-0859)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0848)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0806, CVE-2019-0810,\n CVE-2019-0812, CVE-2019-0860, CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\");\n # https://support.microsoft.com/en-us/help/4493475/windows-10-update-kb4493475\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f28d8c79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493475.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493475');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493475])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:33:35", "description": "The remote Windows host is missing security update 4493470.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0685, CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493470: Windows 10 Version 1607 and Windows Server 2016 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0739", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0806", "CVE-2019-0810", "CVE-2019-0812", "CVE-2019-0814", "CVE-2019-0829", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0860", "CVE-2019-0861", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_APR_4493470.NASL", "href": "https://www.tenable.com/plugins/nessus/123943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123943);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2019-0685\",\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0739\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0806\",\n \"CVE-2019-0810\",\n \"CVE-2019-0812\",\n \"CVE-2019-0814\",\n \"CVE-2019-0829\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0860\",\n \"CVE-2019-0861\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493470\");\n script_xref(name:\"MSFT\", value:\"MS19-4493470\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n\n script_name(english:\"KB4493470: Windows 10 Version 1607 and Windows Server 2016 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493470.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0685, CVE-2019-0803,\n CVE-2019-0859)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0806, CVE-2019-0810,\n CVE-2019-0812, CVE-2019-0829, CVE-2019-0860,\n CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\");\n # https://support.microsoft.com/en-us/help/4493470/windows-10-update-kb4493470\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2289eba9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493470.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493470');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493470])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-29T16:46:52", "description": "The remote Windows host is missing security update 4493474.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0685, CVE-2019-0803, CVE-2019-0859)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-0841)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493474: Windows 10 Version 1703 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0739", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0806", "CVE-2019-0810", "CVE-2019-0812", "CVE-2019-0814", "CVE-2019-0829", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0837", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0860", "CVE-2019-0861", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-03-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_APR_4493474.NASL", "href": "https://www.tenable.com/plugins/nessus/123946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123946);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2019-0685\",\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0739\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0806\",\n \"CVE-2019-0810\",\n \"CVE-2019-0812\",\n \"CVE-2019-0814\",\n \"CVE-2019-0829\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0837\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0841\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0860\",\n \"CVE-2019-0861\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493474\");\n script_xref(name:\"MSFT\", value:\"MS19-4493474\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4493474: Windows 10 Version 1703 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493474.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2019-0837)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0844)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0685, CVE-2019-0803,\n CVE-2019-0859)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-0841)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0806, CVE-2019-0810,\n CVE-2019-0812, CVE-2019-0829, CVE-2019-0860,\n CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\");\n # https://support.microsoft.com/en-us/help/4493474/windows-10-update-kb4493474\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d95979f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493474.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AppXSvc Hard Link Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493474');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493474])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-21T15:42:45", "description": "The remote Windows host is missing security update 4493509.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0688)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0840, CVE-2019-0844)\n\n - A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0838)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-0841)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0833)\n\n - A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0685, CVE-2019-0803, CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2019-0786)\n\n - A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. (CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. (CVE-2019-0796)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "KB4493509: Windows 10 Version 1809 and Windows Server 2019 April 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0739", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0786", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0806", "CVE-2019-0810", "CVE-2019-0812", "CVE-2019-0814", "CVE-2019-0829", "CVE-2019-0833", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0840", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0860", "CVE-2019-0861", "CVE-2019-0862", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-05-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_APR_4493509.NASL", "href": "https://www.tenable.com/plugins/nessus/123948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123948);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2019-0685\",\n \"CVE-2019-0688\",\n \"CVE-2019-0730\",\n \"CVE-2019-0731\",\n \"CVE-2019-0732\",\n \"CVE-2019-0735\",\n \"CVE-2019-0739\",\n \"CVE-2019-0752\",\n \"CVE-2019-0753\",\n \"CVE-2019-0764\",\n \"CVE-2019-0786\",\n \"CVE-2019-0790\",\n \"CVE-2019-0791\",\n \"CVE-2019-0792\",\n \"CVE-2019-0793\",\n \"CVE-2019-0794\",\n \"CVE-2019-0795\",\n \"CVE-2019-0796\",\n \"CVE-2019-0802\",\n \"CVE-2019-0803\",\n \"CVE-2019-0805\",\n \"CVE-2019-0806\",\n \"CVE-2019-0810\",\n \"CVE-2019-0812\",\n \"CVE-2019-0814\",\n \"CVE-2019-0829\",\n \"CVE-2019-0833\",\n \"CVE-2019-0835\",\n \"CVE-2019-0836\",\n \"CVE-2019-0838\",\n \"CVE-2019-0839\",\n \"CVE-2019-0840\",\n \"CVE-2019-0841\",\n \"CVE-2019-0842\",\n \"CVE-2019-0844\",\n \"CVE-2019-0845\",\n \"CVE-2019-0846\",\n \"CVE-2019-0847\",\n \"CVE-2019-0848\",\n \"CVE-2019-0849\",\n \"CVE-2019-0851\",\n \"CVE-2019-0853\",\n \"CVE-2019-0856\",\n \"CVE-2019-0859\",\n \"CVE-2019-0860\",\n \"CVE-2019-0861\",\n \"CVE-2019-0862\",\n \"CVE-2019-0877\",\n \"CVE-2019-0879\"\n );\n script_xref(name:\"MSKB\", value:\"4493509\");\n script_xref(name:\"MSFT\", value:\"MS19-4493509\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4493509: Windows 10 Version 1809 and Windows Server 2019 April 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4493509.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard when Windows improperly handles calls to the LUAFV\n driver (luafv.sys). An attacker who successfully\n exploited this vulnerability could circumvent a User\n Mode Code Integrity (UMCI) policy on the machine.\n (CVE-2019-0732)\n\n - An information disclosure vulnerability exists when the\n Terminal Services component improperly discloses the\n contents of its memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise a users system. (CVE-2019-0839)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles fragmented IP\n packets. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0688)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0840, CVE-2019-0844)\n\n - A tampering vulnerability exists when Microsoft browsers\n do not properly validate input under specific\n conditions. An attacker who exploited the vulnerability\n could pass custom command line parameters.\n (CVE-2019-0764)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could run arbitrary code in the security\n context of the local system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,\n CVE-2019-0836)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0752, CVE-2019-0753, CVE-2019-0862)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0802, CVE-2019-0849)\n\n - A remote code execution vulnerability exists when OLE\n automation improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could gain execution on the victim system.\n (CVE-2019-0794)\n\n - A remote code execution vulnerability exists when the\n IOleCvt interface renders ASP webpage content. An\n attacker who successfully exploited the vulnerability\n could run malicious code remotely to take control of the\n users system. (CVE-2019-0845)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0853)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0842)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0739)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0846, CVE-2019-0847, CVE-2019-0851,\n CVE-2019-0877, CVE-2019-0879)\n\n - An elevation of privilege vulnerability exists when the\n Windows Client Server Run-Time Subsystem (CSRSS) fails\n to properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0735)\n\n - An information disclosure vulnerability exists when\n Windows Task Scheduler improperly discloses credentials\n to Windows Credential Manager. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-0838)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-0841)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0833)\n\n - A remote code execution vulnerability exists when\n Windows improperly handles objects in memory. An\n attacker who successfully exploited these\n vulnerabilities could take control of an affected\n system. (CVE-2019-0856)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0814, CVE-2019-0848)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0685, CVE-2019-0803,\n CVE-2019-0859)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Server Message Block (SMB) Server when an\n attacker with valid credentials attempts to open a\n specially crafted file over the SMB protocol on the same\n machine. An attacker who successfully exploited this\n vulnerability could bypass certain security checks in\n the operating system. (CVE-2019-0786)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0790,\n CVE-2019-0791, CVE-2019-0792, CVE-2019-0793,\n CVE-2019-0795)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0806, CVE-2019-0810,\n CVE-2019-0812, CVE-2019-0829, CVE-2019-0860,\n CVE-2019-0861)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0835)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to the LUAFV driver\n (luafv.sys). An attacker who successfully exploited this\n vulnerability could set the short name of a file with a\n long name to an arbitrary short name, overriding the\n file system with limited privileges. (CVE-2019-0796)\");\n # https://support.microsoft.com/en-us/help/4493509/windows-10-update-kb4493509\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1b34dad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4493509.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0853\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AppXSvc Hard Link Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-04\";\nkbs = make_list('4493509');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"04_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4493509])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:02:01", "description": "### *Detect date*:\n04/09/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, spoof user interface.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 \nInternet Explorer 11 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2 \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0842](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0842>) \n[CVE-2019-0847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0847>) \n[CVE-2019-0846](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0846>) \n[CVE-2019-0845](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0845>) \n[CVE-2019-0844](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0844>) \n[CVE-2019-0731](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0731>) \n[CVE-2019-0730](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0730>) \n[CVE-2019-0849](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0849>) \n[CVE-2019-0848](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0848>) \n[CVE-2019-0735](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0735>) \n[CVE-2019-0796](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0796>) \n[CVE-2019-0795](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0795>) \n[CVE-2019-0794](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0794>) \n[CVE-2019-0793](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0793>) \n[CVE-2019-0792](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0792>) \n[CVE-2019-0791](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0791>) \n[CVE-2019-0838](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0838>) \n[CVE-2019-0839](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0839>) \n[CVE-2019-0859](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0859>) \n[CVE-2019-0856](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0856>) \n[CVE-2019-0836](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0836>) \n[CVE-2019-0851](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0851>) \n[CVE-2019-0853](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0853>) \n[CVE-2019-0877](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0877>) \n[CVE-2019-0732](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0732>) \n[CVE-2019-0879](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0879>) \n[CVE-2019-0764](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0764>) \n[CVE-2019-0805](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0805>) \n[CVE-2019-0803](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0803>) \n[CVE-2019-0802](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0802>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-0845](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0845>)9.3Critical \n[CVE-2019-0794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0794>)9.3Critical \n[CVE-2019-0795](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0795>)9.3Critical \n[CVE-2019-0856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0856>)9.0Critical \n[CVE-2019-0803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0803>)7.2High \n[CVE-2019-0792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0792>)9.3Critical \n[CVE-2019-0879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0879>)7.2High \n[CVE-2019-0842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0842>)9.3Critical \n[CVE-2019-0846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0846>)9.3Critical \n[CVE-2019-0796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0796>)2.1Warning \n[CVE-2019-0791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0791>)9.3Critical \n[CVE-2019-0793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0793>)9.3Critical \n[CVE-2019-0859](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0859>)7.2High \n[CVE-2019-0877](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0877>)7.2High \n[CVE-2019-0802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0802>)4.3Warning \n[CVE-2019-0847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0847>)9.3Critical \n[CVE-2019-0805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0805>)4.6Warning \n[CVE-2019-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0730>)4.6Warning \n[CVE-2019-0849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0849>)4.3Warning \n[CVE-2019-0836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0836>)4.6Warning \n[CVE-2019-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0735>)7.2High \n[CVE-2019-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0731>)4.6Warning \n[CVE-2019-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0732>)4.6Warning \n[CVE-2019-0851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0851>)9.3Critical \n[CVE-2019-0844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0844>)2.1Warning \n[CVE-2019-0853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0853>)9.3Critical \n[CVE-2019-0838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0838>)2.1Warning \n[CVE-2019-0848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0848>)2.1Warning \n[CVE-2019-0839](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0839>)2.1Warning \n[CVE-2019-0764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0764>)4.3Warning\n\n### *KB list*:\n[4493472](<http://support.microsoft.com/kb/4493472>) \n[4493471](<http://support.microsoft.com/kb/4493471>) \n[4493458](<http://support.microsoft.com/kb/4493458>) \n[4493448](<http://support.microsoft.com/kb/4493448>) \n[4493435](<http://support.microsoft.com/kb/4493435>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "kaspersky", "title": "KLA11875 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0764", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0836", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2020-07-22T00:00:00", "id": "KLA11875", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11875/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T14:54:43", "description": "### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4493441](<http://support.microsoft.com/kb/4493441>) \n[4493474](<http://support.microsoft.com/kb/4493474>) \n[4493464](<http://support.microsoft.com/kb/4493464>) \n[4493509](<http://support.microsoft.com/kb/4493509>) \n[4493470](<http://support.microsoft.com/kb/4493470>) \n[4493475](<http://support.microsoft.com/kb/4493475>) \n[4493451](<http://support.microsoft.com/kb/4493451>) \n[4493467](<http://support.microsoft.com/kb/4493467>) \n[4493446](<http://support.microsoft.com/kb/4493446>) \n[4493450](<http://support.microsoft.com/kb/4493450>) \n[4493552](<http://support.microsoft.com/kb/4493552>) \n[4530684](<http://support.microsoft.com/kb/4530684>)\n\n### *Detect date*:\n04/09/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows RT 8.1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2012 \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows Server, version 1709 (Server Core Installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1709 for 64-based Systems \nWindows Server 2016 \nWindows 10 Version 1803 for x64-based Systems \nWindows Admin Center\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0845](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0845>) \n[CVE-2019-0685](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0685>) \n[CVE-2019-0688](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0688>) \n[CVE-2019-0794](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0794>) \n[CVE-2019-0795](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0795>) \n[CVE-2019-0856](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0856>) \n[CVE-2019-0803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803>) \n[CVE-2019-0814](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0814>) \n[CVE-2019-0792](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0792>) \n[CVE-2019-0879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0879>) \n[CVE-2019-0842](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0842>) \n[CVE-2019-0846](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0846>) \n[CVE-2019-0796](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0796>) \n[CVE-2019-0791](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0791>) \n[CVE-2019-0793](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0793>) \n[CVE-2019-0790](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0790>) \n[CVE-2019-0786](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0786>) \n[CVE-2019-0859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859>) \n[CVE-2019-0837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0837>) \n[CVE-2019-0877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0877>) \n[CVE-2019-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0802>) \n[CVE-2019-0847](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0847>) \n[CVE-2019-0805](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0805>) \n[CVE-2019-0730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0730>) \n[CVE-2019-0849](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0849>) \n[CVE-2019-0836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0836>) \n[CVE-2019-0735](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0735>) \n[CVE-2019-0813](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0813>) \n[CVE-2019-0731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0731>) \n[CVE-2019-0732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732>) \n[CVE-2019-0840](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840>) \n[CVE-2019-0851](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0851>) \n[CVE-2019-0844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0844>) \n[CVE-2019-0853](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0853>) \n[CVE-2019-0838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0838>) \n[CVE-2019-0841](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841>) \n[CVE-2019-0848](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0848>) \n[CVE-2019-0839](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0839>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-0845](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0845>)9.3Critical \n[CVE-2019-0685](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0685>)7.2High \n[CVE-2019-0688](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0688>)5.0Critical \n[CVE-2019-0794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0794>)9.3Critical \n[CVE-2019-0795](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0795>)9.3Critical \n[CVE-2019-0856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0856>)9.0Critical \n[CVE-2019-0803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0803>)7.2High \n[CVE-2019-0814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0814>)2.1Warning \n[CVE-2019-0792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0792>)9.3Critical \n[CVE-2019-0879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0879>)7.2High \n[CVE-2019-0842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0842>)9.3Critical \n[CVE-2019-0846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0846>)9.3Critical \n[CVE-2019-0796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0796>)2.1Warning \n[CVE-2019-0791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0791>)9.3Critical \n[CVE-2019-0793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0793>)9.3Critical \n[CVE-2019-0790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0790>)9.3Critical \n[CVE-2019-0786](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0786>)7.5Critical \n[CVE-2019-0859](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0859>)7.2High \n[CVE-2019-0837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0837>)2.1Warning \n[CVE-2019-0877](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0877>)7.2High \n[CVE-2019-0802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0802>)4.3Warning \n[CVE-2019-0847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0847>)9.3Critical \n[CVE-2019-0805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0805>)4.6Warning \n[CVE-2019-0730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0730>)4.6Warning \n[CVE-2019-0849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0849>)4.3Warning \n[CVE-2019-0836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0836>)4.6Warning \n[CVE-2019-0735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0735>)7.2High \n[CVE-2019-0813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0813>)7.5Critical \n[CVE-2019-0731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0731>)4.6Warning \n[CVE-2019-0732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0732>)4.6Warning \n[CVE-2019-0840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0840>)2.1Warning \n[CVE-2019-0851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0851>)9.3Critical \n[CVE-2019-0844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0844>)2.1Warning \n[CVE-2019-0853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0853>)9.3Critical \n[CVE-2019-0838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0838>)2.1Warning \n[CVE-2019-0841](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0841>)7.2High \n[CVE-2019-0848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0848>)2.1Warning \n[CVE-2019-0839](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0839>)2.1Warning", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-09T00:00:00", "type": "kaspersky", "title": "KLA11460 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0786", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0813", "CVE-2019-0814", "CVE-2019-0836", "CVE-2019-0837", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0840", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0859", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2022-01-18T00:00:00", "id": "KLA11460", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11460/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:40:49", "description": "This host is missing an important security\n update according to Microsoft KB4493451", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0846", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0856", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815036", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815036\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0671\", \"CVE-2019-0673\", \"CVE-2019-0674\", \"CVE-2019-0688\",\n \"CVE-2019-0730\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0735\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0790\",\n \"CVE-2019-0791\", \"CVE-2019-0792\", \"CVE-2019-0793\", \"CVE-2019-0794\",\n \"CVE-2019-0795\", \"CVE-2019-0796\", \"CVE-2019-0802\", \"CVE-2019-0803\",\n \"CVE-2019-0805\", \"CVE-2019-0835\", \"CVE-2019-0836\", \"CVE-2019-0838\",\n \"CVE-2019-0839\", \"CVE-2019-0842\", \"CVE-2019-0844\", \"CVE-2019-0845\",\n \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0848\", \"CVE-2019-0849\",\n \"CVE-2019-0851\", \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0859\",\n \"CVE-2019-0862\", \"CVE-2019-0877\", \"CVE-2019-0879\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 13:00:26 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493451)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4493451\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft Office Access Connectivity Engine improperly handles objects in memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain elevated privileges, bypass security features and\n read sensitive information on a victim system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493451\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22724\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.2.9200.22724\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:56", "description": "This host is missing a critical security\n update according to Microsoft KB4493446", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493446)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2017-5753", "CVE-2019-0848", "CVE-2017-5754", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0846", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2017-5715", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0856", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815034", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815034\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2017-5753\", \"CVE-2017-5715\", \"CVE-2017-5754\", \"CVE-2019-0671\",\n \"CVE-2019-0673\", \"CVE-2019-0674\", \"CVE-2019-0688\", \"CVE-2019-0730\",\n \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0735\", \"CVE-2019-0752\",\n \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0790\", \"CVE-2019-0791\",\n \"CVE-2019-0792\", \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\",\n \"CVE-2019-0796\", \"CVE-2019-0802\", \"CVE-2019-0803\", \"CVE-2019-0805\",\n \"CVE-2019-0835\", \"CVE-2019-0836\", \"CVE-2019-0838\", \"CVE-2019-0839\",\n \"CVE-2019-0842\", \"CVE-2019-0844\", \"CVE-2019-0845\", \"CVE-2019-0846\",\n \"CVE-2019-0847\", \"CVE-2019-0848\", \"CVE-2019-0849\", \"CVE-2019-0851\",\n \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0859\", \"CVE-2019-0862\",\n \"CVE-2019-0877\", \"CVE-2019-0879\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:14:49 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493446)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493446\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists\n\n - When Windows Task Scheduler improperly discloses credentials to Windows\n Credential Manager.\n\n - When Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - When Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - When Microsoft XML Core Services MSXML parser processes user input.\n\n - Speculative execution side-channel vulnerabilities.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to elevate privileges, execute arbitrary code, read unauthorized\n information and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493446\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19328\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19328\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:58", "description": "This host is missing a critical security\n update according to Microsoft KB4493472", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2017-5753", "CVE-2019-0848", "CVE-2017-5754", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0846", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0847", "CVE-2019-0793", "CVE-2019-0764", "CVE-2017-5715", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0856", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815033", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815033\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2017-5753\", \"CVE-2017-5715\", \"CVE-2017-5754\", \"CVE-2019-0671\",\n \"CVE-2019-0673\", \"CVE-2019-0674\", \"CVE-2019-0730\", \"CVE-2019-0731\",\n \"CVE-2019-0732\", \"CVE-2019-0735\", \"CVE-2019-0752\", \"CVE-2019-0753\",\n \"CVE-2019-0764\", \"CVE-2019-0791\", \"CVE-2019-0792\", \"CVE-2019-0793\",\n \"CVE-2019-0794\", \"CVE-2019-0795\", \"CVE-2019-0796\", \"CVE-2019-0802\",\n \"CVE-2019-0803\", \"CVE-2019-0805\", \"CVE-2019-0835\", \"CVE-2019-0836\",\n \"CVE-2019-0838\", \"CVE-2019-0839\", \"CVE-2019-0842\", \"CVE-2019-0844\",\n \"CVE-2019-0845\", \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0851\", \"CVE-2019-0853\", \"CVE-2019-0856\",\n \"CVE-2019-0859\", \"CVE-2019-0862\", \"CVE-2019-0877\", \"CVE-2019-0879\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:14:49 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493472)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493472\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist in,\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - The win32k component improperly provides kernel information.\n\n - Speculative execution side-channel vulnerabilities.\n\n - Error in Various Windows components.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information to\n further compromise the user's system, gain elevated privileges, bypass security\n features and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493472\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Ntdll.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24408\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Ntdll.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24408\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:17", "description": "This host is missing a critical security\n update according to Microsoft KB4493475", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0812", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815023", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815023\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\", \"CVE-2019-0849\",\n \"CVE-2019-0851\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0735\",\n \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0739\", \"CVE-2019-0752\",\n \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\", \"CVE-2019-0860\",\n \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0790\", \"CVE-2019-0791\",\n \"CVE-2019-0877\", \"CVE-2019-0879\", \"CVE-2019-0792\", \"CVE-2019-0793\",\n \"CVE-2019-0794\", \"CVE-2019-0795\", \"CVE-2019-0796\", \"CVE-2019-0806\",\n \"CVE-2019-0810\", \"CVE-2019-0812\", \"CVE-2019-0835\", \"CVE-2019-0836\",\n \"CVE-2019-0838\", \"CVE-2019-0839\", \"CVE-2019-0842\", \"CVE-2019-0844\",\n \"CVE-2019-0845\", \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0802\",\n \"CVE-2019-0803\", \"CVE-2019-0805\", \"CVE-2019-0673\", \"CVE-2019-0674\",\n \"CVE-2019-0671\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:51:49 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493475)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493475\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - An error in the scripting engine which handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - An error in the Microsoft Server Message Block (SMB) Server when an attacker\n with valid credentials attempts to open a specially crafted file over the SMB\n protocol on the same machine.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, disclose sensitive information and compromise the user's\n system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493475\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18185\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18185\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T12:52:45", "description": "This host is missing a critical security\n update according to Microsoft KB4493470", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493470)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0814", "CVE-2019-0812", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0685", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0829", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310815024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815024", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815024\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0685\", \"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0851\", \"CVE-2019-0731\", \"CVE-2019-0732\",\n \"CVE-2019-0735\", \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0739\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\",\n \"CVE-2019-0860\", \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0790\",\n \"CVE-2019-0791\", \"CVE-2019-0877\", \"CVE-2019-0879\", \"CVE-2019-0792\",\n \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\", \"CVE-2019-0796\",\n \"CVE-2019-0806\", \"CVE-2019-0810\", \"CVE-2019-0812\", \"CVE-2019-0814\",\n \"CVE-2019-0829\", \"CVE-2019-0835\", \"CVE-2019-0836\", \"CVE-2019-0838\",\n \"CVE-2019-0839\", \"CVE-2019-0842\", \"CVE-2019-0844\", \"CVE-2019-0845\",\n \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0802\", \"CVE-2019-0803\",\n \"CVE-2019-0805\", \"CVE-2019-0671\", \"CVE-2019-0673\", \"CVE-2019-0674\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 10:03:26 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493470)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493470\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code, disclose sensitive information, bypass security\n restrictions and compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493470\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2905\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2905\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:33", "description": "This host is missing a critical security\n update according to Microsoft KB4493474", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0814", "CVE-2019-0812", "CVE-2019-0837", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0841", "CVE-2019-0859", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0685", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0829", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815022", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815022\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0685\", \"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0735\",\n \"CVE-2019-0851\", \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0739\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\",\n \"CVE-2019-0860\", \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0790\",\n \"CVE-2019-0791\", \"CVE-2019-0877\", \"CVE-2019-0879\", \"CVE-2019-0792\",\n \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\", \"CVE-2019-0796\",\n \"CVE-2019-0806\", \"CVE-2019-0810\", \"CVE-2019-0812\", \"CVE-2019-0814\",\n \"CVE-2019-0829\", \"CVE-2019-0835\", \"CVE-2019-0836\", \"CVE-2019-0837\",\n \"CVE-2019-0838\", \"CVE-2019-0839\", \"CVE-2019-0841\", \"CVE-2019-0842\",\n \"CVE-2019-0844\", \"CVE-2019-0845\", \"CVE-2019-0846\", \"CVE-2019-0847\",\n \"CVE-2019-0802\", \"CVE-2019-0803\", \"CVE-2019-0805\", \"CVE-2019-0671\",\n \"CVE-2019-0673\", \"CVE-2019-0674\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:36:16 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493474)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493474\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows DirectX improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to escalate privileges, run arbitrary code, disclose sensitive information,\n bypass security restrictions and compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493474\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1746\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1746\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:17", "description": "This host is missing a critical security\n update according to Microsoft KB4493441", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493441)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0814", "CVE-2019-0812", "CVE-2019-0837", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0786", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0841", "CVE-2019-0694", "CVE-2019-0859", "CVE-2019-0840", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0685", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0829", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815021", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815021\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0685\", \"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0851\",\n \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0735\", \"CVE-2019-0739\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\",\n \"CVE-2019-0860\", \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0786\",\n \"CVE-2019-0790\", \"CVE-2019-0791\", \"CVE-2019-0877\", \"CVE-2019-0879\",\n \"CVE-2019-0792\", \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\",\n \"CVE-2019-0796\", \"CVE-2019-0805\", \"CVE-2019-0806\", \"CVE-2019-0810\",\n \"CVE-2019-0812\", \"CVE-2019-0814\", \"CVE-2019-0829\", \"CVE-2019-0835\",\n \"CVE-2019-0836\", \"CVE-2019-0837\", \"CVE-2019-0838\", \"CVE-2019-0839\",\n \"CVE-2019-0840\", \"CVE-2019-0841\", \"CVE-2019-0842\", \"CVE-2019-0844\",\n \"CVE-2019-0845\", \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0802\",\n \"CVE-2019-0803\", \"CVE-2019-0671\", \"CVE-2019-0673\", \"CVE-2019-0674\",\n \"CVE-2019-0694\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:28:30 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493441)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493441\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows kernel improperly handles objects in memory.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - An error in the Microsoft Server Message Block (SMB) Server when an attacker\n with valid credentials attempts to open a specially crafted file over the SMB\n protocol on the same machine.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows DirectX improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to escalate privileges, run arbitrary code, disclose sensitive information,\n bypass security restrictions and compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493441\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1086\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1086\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:27", "description": "This host is missing a critical security\n update according to Microsoft KB4493509", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493509)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2019-0848", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0814", "CVE-2019-0812", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0786", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0841", "CVE-2019-0859", "CVE-2019-0840", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0685", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0829", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0833", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815019", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815019\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0685\", \"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0851\",\n \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0735\", \"CVE-2019-0739\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\",\n \"CVE-2019-0860\", \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0786\",\n \"CVE-2019-0790\", \"CVE-2019-0791\", \"CVE-2019-0877\", \"CVE-2019-0879\",\n \"CVE-2019-0792\", \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\",\n \"CVE-2019-0796\", \"CVE-2019-0805\", \"CVE-2019-0806\", \"CVE-2019-0810\",\n \"CVE-2019-0812\", \"CVE-2019-0814\", \"CVE-2019-0829\", \"CVE-2019-0833\",\n \"CVE-2019-0835\", \"CVE-2019-0836\", \"CVE-2019-0838\", \"CVE-2019-0839\",\n \"CVE-2019-0840\", \"CVE-2019-0841\", \"CVE-2019-0842\", \"CVE-2019-0844\",\n \"CVE-2019-0845\", \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0802\",\n \"CVE-2019-0803\", \"CVE-2019-0671\", \"CVE-2019-0673\", \"CVE-2019-0674\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 08:56:15 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493509)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493509\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows kernel improperly handles objects in memory.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The win32k component improperly provides kernel information.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Microsoft Edge improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in the\n memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - An error in the Microsoft Server Message Block (SMB) Server when an attacker\n with valid credentials attempts to open a specially crafted file over the SMB\n protocol on the same machine.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to escalate privileges, run arbitrary code, disclose sensitive information,\n bypass security restrictions and compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493509\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.436\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.436\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:18", "description": "This host is missing a critical security\n update according to Microsoft KB4493464", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4493464)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0853", "CVE-2019-0791", "CVE-2019-0845", "CVE-2017-5753", "CVE-2019-0848", "CVE-2017-5754", "CVE-2019-0732", "CVE-2019-0838", "CVE-2019-0792", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0862", "CVE-2019-0796", "CVE-2019-0814", "CVE-2019-0812", "CVE-2019-0837", "CVE-2019-0810", "CVE-2019-0846", "CVE-2019-0786", "CVE-2019-0861", "CVE-2019-0839", "CVE-2019-0752", "CVE-2019-0688", "CVE-2019-0847", "CVE-2019-0860", "CVE-2019-0806", "CVE-2019-0793", "CVE-2019-0790", "CVE-2019-0764", "CVE-2019-0841", "CVE-2017-5715", "CVE-2019-0694", "CVE-2019-0859", "CVE-2019-0840", "CVE-2019-0673", "CVE-2019-0753", "CVE-2019-0803", "CVE-2019-0739", "CVE-2019-0856", "CVE-2019-0685", "CVE-2019-0730", "CVE-2019-0735", "CVE-2019-0829", "CVE-2019-0877", "CVE-2019-0731", "CVE-2019-0802", "CVE-2019-0671", "CVE-2019-0849", "CVE-2019-0674", "CVE-2019-0836", "CVE-2019-0794", "CVE-2019-0879", "CVE-2019-0795", "CVE-2019-0851", "CVE-2019-0835", "CVE-2019-0805"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815020", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815020\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0685\", \"CVE-2019-0688\", \"CVE-2019-0730\", \"CVE-2019-0848\",\n \"CVE-2019-0849\", \"CVE-2019-0731\", \"CVE-2019-0732\", \"CVE-2019-0851\",\n \"CVE-2019-0853\", \"CVE-2019-0856\", \"CVE-2019-0735\", \"CVE-2019-0739\",\n \"CVE-2019-0752\", \"CVE-2019-0753\", \"CVE-2019-0764\", \"CVE-2019-0859\",\n \"CVE-2019-0860\", \"CVE-2019-0861\", \"CVE-2019-0862\", \"CVE-2019-0786\",\n \"CVE-2019-0790\", \"CVE-2019-0791\", \"CVE-2019-0877\", \"CVE-2019-0879\",\n \"CVE-2019-0792\", \"CVE-2019-0793\", \"CVE-2019-0794\", \"CVE-2019-0795\",\n \"CVE-2019-0796\", \"CVE-2019-0806\", \"CVE-2019-0810\", \"CVE-2019-0812\",\n \"CVE-2019-0814\", \"CVE-2019-0829\", \"CVE-2019-0835\", \"CVE-2019-0836\",\n \"CVE-2019-0837\", \"CVE-2019-0838\", \"CVE-2019-0839\", \"CVE-2019-0840\",\n \"CVE-2019-0841\", \"CVE-2019-0842\", \"CVE-2019-0844\", \"CVE-2019-0845\",\n \"CVE-2019-0846\", \"CVE-2019-0847\", \"CVE-2019-0802\", \"CVE-2019-0803\",\n \"CVE-2019-0805\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\",\n \"CVE-2019-0671\", \"CVE-2019-0673\", \"CVE-2019-0674\", \"CVE-2019-0694\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-10 09:14:49 +0530 (Wed, 10 Apr 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4493464)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4493464\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows kernel improperly handles objects in memory.\n\n - The IOleCvt interface improperly renders ASP webpage content.\n\n - The scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows improperly handles calls to the LUAFV driver.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle\n objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - OLE automation improperly handles objects in memory.\n\n - Windows Task Scheduler improperly discloses credentials to Windows Credential\n Manager.\n\n - Terminal Services component improperly discloses the contents of its memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Microsoft browsers do not properly validate input under specific conditions.\n\n - An error in the Microsoft Server Message Block (SMB) Server when an attacker\n with valid credentials attempts to open a specially crafted file over the SMB\n protocol on the same machine.\n\n - Windows TCP/IP stack improperly handles fragmented IP packets.\n\n - Windows DirectX improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to escalate privileges, run arbitrary code, disclose sensitive information,\n bypass security restrictions and compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4493464\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.705\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.705\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-04-24T16:19:07", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n \n \n \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 74 vulnerabilities, 16 of which are rated \u201ccritical\u201d and 58 that are considered \u201cimportant.\u201d This release also includes a critical advisory covering a security update to Adobe Flash Player. \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Chakra Scripting Engine, Microsoft Office and Windows 10. For more on our coverage of these bugs, check out the Snort blog post [here](<https://blog.snort.org/2019/04/snort-rule-update-for-april-9-2019.html>), covering all of the new rules we have for this release. \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 16 critical vulnerabilities this month, four of which we will highlight below. \n \n[CVE-2019-0753](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0753>) is a remote code execution vulnerability in the Microsoft Scripting Engine that exists in the way the Internet Explorer web browser handles objects in memory. The bug could allow an attacker to corrupt the system in a way that would allow them to gain the same rights as the current user and execute code remotely. In order to trigger this vulnerability, the attacker needs to convince the user to open a specially crafted website in Internet Explorer. They could also embed an ActiveX control marked \u201csafe for initialization\u201d in an application or Microsoft Office document that hosts the Internet Explorer rendering engine. \n \n[CVE-2019-0790](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0790>), [CVE-2019-0791](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0791>), [CVE-2019-0792](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0792>), [CVE-2019-0793](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0793>) and [CVE-2019-0795](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0795>) are all remote code execution vulnerabilities that arise when the Microsoft XML Core Services MSXML parser processes user input. An attacker could exploit any of these bugs to take control of the user\u2019s system. A user could trigger these vulnerabilities by visiting an attacker-created web page that contains malicious MSXML. \n \nThe other critical vulnerabilities are: \n\n\n * [CVE-2019-0739](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0739>)\n * [CVE-2019-0786](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0786>)\n * [CVE-2019-0806](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0806>)\n * [CVE-2019-0810](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0810>)\n * [CVE-2019-0812](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0812>)\n * [CVE-2019-0829](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0829>)\n * [CVE-2019-0845](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0845>)\n * [CVE-2019-0853](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0853>)\n * [CVE-2019-0860](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0860>)\n * [CVE-2019-0861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0861>)\n\n### Important vulnerabilities\n\nThis release also contains 58 important vulnerabilities, eight of which we will highlight below. \n \n[CVE-2019-0732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732>) is a feature bypass vulnerability in several versions of the Windows operating system that could allow an attacker to bypass Windows Device Guard. This bug exists because Windows improperly handles calls to the LUAFV driver. An attacker could exploit this vulnerability by accessing the local machine and then running a malicious program, giving them the ability to evade a User Mode Code Integrity policy on the machine. \n \n[CVE-2019-0752](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752>) is a remote code execution vulnerability in the Microsoft Scripting Engine that exists in the way the Internet Explorer web browser handles objects in memory. The bug could allow an attacker to corrupt the system in a way that would allow them to gain the same rights as the current user and execute code remotely. In order to trigger this vulnerability, the attacker needs to convince the user to open a specially crafted website in Internet Explorer. They could also embed an ActiveX control marked \u201csafe for initialization\u201d in an application or Microsoft Office document that hosts the Internet Explorer rendering engine. \n \n[CVE-2019-0790](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0790>) and [CVE-2019-0795](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0795>) are remote code execution vulnerabilities that arise when the Microsoft XML Core Services MSXML parser processes user input. An attacker could exploit any of these bugs to take control of the user\u2019s system. A user could trigger these vulnerabilities by visiting an attacker-created web page that contains malicious MSXML. \n \n[CVE-2019-0801](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801>) is a remote code execution vulnerability in Microsoft Office that arises when the software attempts to open PowerPoint or Excel files. An attacker could exploit this bug by tricking the user into clicking on a specially crafted URL file that points to an Excel or PowerPoint file, causing the file to download. \n \n[CVE-2019-0803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803>) and [CVE-2019-0859](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859>) are elevation of privilege vulnerabilities in some versions of Windows that exist when the Win32k component improperly handles objects in memory. If exploited, an attacker could gain the ability to run arbitrary code in kernel mode. An attacker could exploit this bug by logging onto the system and then running a specially crafted application. \n \n[CVE-2019-0822](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0822>) is a remote code execution vulnerability that exists in the way Microsoft Graphics Components handles objects in memory. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, eventually allowing them to execute arbitrary code in the context of the current user. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-0685](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0685>)\n * [CVE-2019-0688](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0688>)\n * [CVE-2019-0730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0730>)\n * [CVE-2019-0731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0731>)\n * [CVE-2019-0735](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0735>)\n * [CVE-2019-0764](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0764>)\n * [CVE-2019-0794](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0794>)\n * [CVE-2019-0796](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0796>)\n * [CVE-2019-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0802>)\n * [CVE-2019-0805](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0805>)\n * [CVE-2019-0814](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0814>)\n * [CVE-2019-0815](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815>)\n * [CVE-2019-0817](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817>)\n * [CVE-2019-0823](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0823>)\n * [CVE-2019-0824](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0824>)\n * [CVE-2019-0825](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0825>)\n * [CVE-2019-0826](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0826>)\n * [CVE-2019-0827](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0827>)\n * [CVE-2019-0828](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0828>)\n * [CVE-2019-0830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830>)\n * [CVE-2019-0831](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831>)\n * [CVE-2019-0833](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0833>)\n * [CVE-2019-0835](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0835>)\n * [CVE-2019-0836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0836>)\n * [CVE-2019-0837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0837>)\n * [CVE-2019-0838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0838>)\n * [CVE-2019-0839](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0839>)\n * [CVE-2019-0840](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840>)\n * [CVE-2019-0841](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841>)\n * [CVE-2019-0842](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0842>)\n * [CVE-2019-0844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0844>)\n * [CVE-2019-0846](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0846>)\n * [CVE-2019-0847](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0847>)\n * [CVE-2019-0848](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0848>)\n * [CVE-2019-0849](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0849>)\n * [CVE-2019-0851](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0851>)\n * [CVE-2019-0856](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0856>)\n * [CVE-2019-0857](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0857>)\n * [CVE-2019-0858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858>)\n * [CVE-2019-0862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0862>)\n * [CVE-2019-0866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866>)\n * [CVE-2019-0867](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867>)\n * [CVE-2019-0868](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868>)\n * [CVE-2019-0869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0869>)\n * [CVE-2019-0870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870>)\n * [CVE-2019-0871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871>)\n * [CVE-2019-0874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0874>)\n * [CVE-2019-0876](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0876>)\n * [CVE-2019-0877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0877>)\n * [CVE-2019-0875](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875>)\n * [CVE-2019-0879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0879>)\n * [CVE-2019-0813](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0813>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: [45632, 45635, 46548, 46549, 49380, 49381, 49688, 49689, 49692 - 49711, 49716 - 49723, 49727 - 49747, 49750 - 49755](<https://snort.org/advisories/talos-rules-2019-04-09>)\n\n", "cvss3": {}, "published": "2019-04-09T11:10:02", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 April 2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0685", "CVE-2019-0688", "CVE-2019-0730", "CVE-2019-0731", "CVE-2019-0732", "CVE-2019-0735", "CVE-2019-0739", "CVE-2019-0752", "CVE-2019-0753", "CVE-2019-0764", "CVE-2019-0786", "CVE-2019-0790", "CVE-2019-0791", "CVE-2019-0792", "CVE-2019-0793", "CVE-2019-0794", "CVE-2019-0795", "CVE-2019-0796", "CVE-2019-0801", "CVE-2019-0802", "CVE-2019-0803", "CVE-2019-0805", "CVE-2019-0806", "CVE-2019-0810", "CVE-2019-0812", "CVE-2019-0813", "CVE-2019-0814", "CVE-2019-0815", "CVE-2019-0817", "CVE-2019-0822", "CVE-2019-0823", "CVE-2019-0824", "CVE-2019-0825", "CVE-2019-0826", "CVE-2019-0827", "CVE-2019-0828", "CVE-2019-0829", "CVE-2019-0830", "CVE-2019-0831", "CVE-2019-0833", "CVE-2019-0835", "CVE-2019-0836", "CVE-2019-0837", "CVE-2019-0838", "CVE-2019-0839", "CVE-2019-0840", "CVE-2019-0841", "CVE-2019-0842", "CVE-2019-0844", "CVE-2019-0845", "CVE-2019-0846", "CVE-2019-0847", "CVE-2019-0848", "CVE-2019-0849", "CVE-2019-0851", "CVE-2019-0853", "CVE-2019-0856", "CVE-2019-0857", "CVE-2019-0858", "CVE-2019-0859", "CVE-2019-0860", "CVE-2019-0861", "CVE-2019-0862", "CVE-2019-0866", "CVE-2019-0867", "CVE-2019-0868", "CVE-2019-0869", "CVE-2019-0870", "CVE-2019-0871", "CVE-2019-0874", "CVE-2019-0875", "CVE-2019-0876", "CVE-2019-0877", "CVE-2019-0879"], "modified": "2019-04-09T11:10:02", "id": "TALOSBLOG:C41259322CA5338694B85978B0EA6FA5", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/CofmJ4xJGzg/microsoft-patch-tuesday-april-2019.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}