An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory.
To exploit the vulnerability, an attacker would first require access to a Hyper-V host.
The security update addresses the vulnerability by ensuring Hyper-V properly initializes memory before writing it to disk.
{"symantec": [{"lastseen": "2021-06-08T19:05:57", "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nAllow only trusted individuals to have user accounts and local access to the resources.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2019-09-10T00:00:00", "type": "symantec", "title": "Microsoft Windows Hyper-V CVE-2019-1254 Local Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-1254"], "modified": "2019-09-10T00:00:00", "id": "SMNTC-109979", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109979", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T19:52:05", "description": "An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T22:15:00", "type": "cve", "title": "CVE-2019-1254", "cwe": ["CWE-908"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1254"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", 
"cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1809"], "id": "CVE-2019-1254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1254", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*"]}], "mskb": [{"lastseen": "2022-08-24T11:27:18", "description": "None\n**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18362.1031) released September 10, 2019. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n**ePub support ending in Microsoft Edge**Microsoft Edge will end support for e-books that use the .epub file extension over the next several months. 
For more information, see [Download an ePub app to keep reading e-books](<https://support.microsoft.com/help/4517840>).\n\nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>).\n\n## Highlights\n\n * Updates to improve security when using Internet Explorer, Microsoft Edge, networking technologies, and input devices such as a mouse, keyboard, or stylus.\n * Updates for verifying user names and passwords.\n * Updates for storing and managing files.\n * Updates an issue that causes a code 52 error (an exclamation mark inside a yellow triangle) when connecting a Bluetooth audio device.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as _Microarchitectural Data Sampling_, for 32-Bit (x86) versions of Windows. \nFor more information, see [Security Advisory 190013](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013>). This advisory includes CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the [Windows Client](<https://support.microsoft.com/help/4073119>) and [Windows Server](<https://support.microsoft.com/help/4072698>) articles_. 
_(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)\n * Addresses an issue that causes high CPU usage from **SearchUI.exe** for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search.\n * Addresses an issue that causes a code 52 error (an exclamation mark inside a yellow triangle) when connecting a Bluetooth audio device.\n * Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nMicrosoft has received reports that audio in certain games is quieter or different than expected after installing this update. At the request of some of our audio partners, we implemented a compatibility change that enabled certain games to query support and render multi-channel audio. 
Due to customer feedback, we are reverting this change as some games and some devices are not rendering multi-channel audio as expected. This may result in games sounding different than customers are used to and may have missing channels.| This issue is resolved in [KB4517211](<https://support.microsoft.com/help/4517211>). \nSome Input Method Editor (IME) may become unresponsive or may have high CPU usage. Affected IMEs include Chinese Simplified (**ChsIME.EXE**) and Chinese Traditional (**ChtIME.EXE**) with Changjie/Quick keyboard.| Due to security related changes in this update, this issue may occur when the Touch Keyboard and Handwriting Panel Service is not configured to its default startup type of Manual. To resolve the issue, perform the following steps:\n\n 1. Select the **Start **button and type \u201cservices\u201d.\n 2. Open the Services app and locate **Touch Keyboard and Handwriting Panel Service.**\n 3. Double-click **Touch Keyboard and Handwriting Panel Service **and select **Properties**.\n 4. Locate **Startup type:** and change it to **Manual**.\n 5. Select **OK**.\nThe TabletInputService service is now in the default configuration and IME should work as expected. \nWhen setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.**Note** This issue does not affect using a Microsoft Account during OOBE.| This issue is resolved in KB4530684. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. 
For more information, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date>).If you are using Windows Update, the latest SSU ([KB 4515383](<https://support.microsoft.com/help/4515383>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4515384>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4515384](<https://download.microsoft.com/download/5/7/4/5741ea9f-30fd-436c-b9f8-08e84455b129/4515384.csv>). 
\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-09-10T07:00:00", "type": "mskb", "title": "September 10, 2019\u2014KB4515384 (OS Build 18362.356)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-1254"], "modified": "2019-09-10T07:00:00", "id": "KB4515384", "href": "https://support.microsoft.com/en-us/help/4515384", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-11T10:56:04", "description": "None\n**Reminder:** The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.\n\n**Reminder: **March 12 and April 9 were the last two Delta updates for Windows 10, version 1607. For Long-Term Servicing Branch (LTSB) customers, security and quality updates will continue to be available via the express and full cumulative update packages. 
For more information on this change please visit our [blog](<https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426>).\n\n_Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. __To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10._**IMPORTANT: **Windows 10 Enterprise and Windows 10 Education editions will receive additional servicing at no cost until April 9, 2019. Devices on the Long-Term Servicing Channels (LTSC) will continue to receive updates until October 2026 per the [Lifecycle Policy page](<https://support.microsoft.com/lifecycle/search?alpha=Windows%2010>). Windows 10 Anniversary Update (v. 1607) devices running the Intel \u201cClovertrail\u201d chipset will continue to receive updates until January 2023 per the [Microsoft Community blog](<https://answers.microsoft.com/windows/forum/windows_10-windows_install/intel-clover-trail-processors-are-not-supported-on/ed1823d3-c82c-4d7f-ba9d-43ecbcf526e9?auth=1>).\n\n_Windows Server 2016 Standard edition, Nano Server installation option and Windows Server 2016 Datacenter edition, Nano Server installation option __reached end of service on October 9, 2018_._ These editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10._\n\n_Windows 10 Mobile, version 1607, reached end of service on October 8, 2018. Devices running Windows 10 Mobile and Windows 10 Mobile Enterprise will no longer receive monthly security and quality updates that contain protection from the latest security threats. 
To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10._\n\nFor more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>).\n\n## Highlights\n\n * Updates to improve security when using Internet Explorer, networking technologies, and input devices such as a mouse, keyboard, or stylus.\n * Updates for verifying user names and passwords.\n * Updates for storing and managing files.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as _Microarchitectural Data Sampling_, for 32-Bit (x86) versions of Windows. \nFor more information, see [Security Advisory 190013](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013>). This advisory includes CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Use the registry settings as described in the [Windows Client](<https://support.microsoft.com/help/4073119>) and [Windows Server](<https://support.microsoft.com/help/4072698>) articles_. 
_(These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)\n * Addresses an issue with applications and scripts that call the [NetQueryDisplayInformation](<https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netquerydisplayinformation>) API or the [WinNT provider](<https://docs.microsoft.com/windows/win32/adsi/adsi-winnt-provider>) equivalent. They may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages, you may receive the error, \u201c1359: an internal error occurred.\u201d\n * Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Virtualization, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, and Windows Server .\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. 
This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing [KB 4467684](<https://support.microsoft.com/help/4467684>), the cluster service may fail to start with the error \u201c2245 (NERR_PasswordTooShort)\u201d if the group policy \u201cMinimum Password Length\u201d is configured with greater than 14 characters.| Set the domain default \"Minimum Password Length\" policy to less than or equal to 14 characters.Microsoft is working on a resolution and will provide an update in an upcoming release. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see [Servicing stack updates](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates#why-should-servicing-stack-updates-be-installed-and-kept-up-to-date>).If you are using Windows Update, the latest SSU ([KB 4512574](<https://support.microsoft.com/help/4512574>)) will be offered to you automatically. 
To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4516044>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4516044](<https://download.microsoft.com/download/6/9/7/6974cce9-7fa1-4e4e-8fb6-39f746b85bd0/4516044.csv>).\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-09-10T07:00:00", "type": "mskb", "title": "September 10, 2019\u2014KB4516044 (OS Build 14393.3204)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-1254"], "modified": "2019-09-10T07:00:00", "id": "KB4516044", "href": "https://support.microsoft.com/en-us/help/4516044", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}], "kaspersky": [{"lastseen": "2021-08-18T11:08:04", "description": "### *Detect date*:\n09/10/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2016 \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 
Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 8.1 for x64-based systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows RT 8.1 \nWindows Server 2012 R2 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 R2 (Server Core installation) \nMicrosoft Visual Studio 2019 version 16.2 \nWindows 10 Version 1709 for x64-based Systems \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1246](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1246>) \n[CVE-2019-1292](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1292>) \n[CVE-2019-1215](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1215>) \n[CVE-2019-1250](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1250>) \n[CVE-2019-1293](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1293>) \n[CVE-2019-1273](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1273>) \n[CVE-2019-1249](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1249>) 
\n[CVE-2019-0788](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0788>) \n[CVE-2019-1242](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1242>) \n[CVE-2019-1270](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1270>) \n[CVE-2019-1286](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1286>) \n[CVE-2019-1240](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1240>) \n[CVE-2019-1252](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1252>) \n[CVE-2019-1291](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1291>) \n[CVE-2019-1251](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1251>) \n[CVE-2019-1216](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1216>) \n[CVE-2019-1278](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1278>) \n[CVE-2019-1272](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1272>) \n[CVE-2019-1256](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1256>) \n[CVE-2019-1303](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1303>) \n[CVE-2019-1248](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1248>) \n[CVE-2019-1232](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1232>) \n[CVE-2019-1271](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1271>) \n[CVE-2019-0787](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0787>) \n[CVE-2019-1241](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1241>) \n[CVE-2019-1247](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1247>) 
\n[CVE-2019-1290](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1290>) \n[CVE-2019-1269](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1269>) \n[CVE-2019-1244](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1244>) \n[CVE-2019-1253](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1253>) \n[CVE-2019-1267](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1267>) \n[CVE-2019-1280](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1280>) \n[CVE-2019-1287](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1287>) \n[CVE-2019-1277](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1277>) \n[CVE-2019-1268](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1268>) \n[CVE-2019-1285](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1285>) \n[CVE-2019-0928](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0928>) \n[CVE-2019-1289](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1289>) \n[CVE-2019-1219](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1219>) \n[CVE-2019-1214](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1214>) \n[CVE-2019-1243](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1243>) \n[CVE-2019-1282](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1282>) \n[CVE-2019-1274](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1274>) \n[CVE-2019-1294](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1294>) \n[CVE-2019-1235](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1235>) 
\n[CVE-2019-1254](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1254>) \n[CVE-2019-1245](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1245>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1246](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1246>)9.3Critical \n[CVE-2019-1292](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1292>)6.8High \n[CVE-2019-1215](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1215>)7.2High \n[CVE-2019-1250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1250>)9.3Critical \n[CVE-2019-1293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1293>)2.1Warning \n[CVE-2019-1273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1273>)3.5Warning \n[CVE-2019-1249](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1249>)9.3Critical \n[CVE-2019-0788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0788>)9.3Critical \n[CVE-2019-1242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1242>)9.3Critical \n[CVE-2019-1270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1270>)3.6Warning \n[CVE-2019-1286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1286>)4.3Warning \n[CVE-2019-1240](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1240>)9.3Critical \n[CVE-2019-1252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1252>)4.3Warning \n[CVE-2019-1291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1291>)9.3Critical \n[CVE-2019-1251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1251>)2.1Warning \n[CVE-2019-1216](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1216>)2.1Warning \n[CVE-2019-1278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1278>)4.6Warning 
\n[CVE-2019-1272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1272>)7.2High \n[CVE-2019-1256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1256>)7.2High \n[CVE-2019-1303](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1303>)7.2High \n[CVE-2019-1248](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1248>)9.3Critical \n[CVE-2019-1232](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1232>)4.6Warning \n[CVE-2019-1271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1271>)7.2High \n[CVE-2019-0787](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0787>)9.3Critical \n[CVE-2019-1241](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1241>)9.3Critical \n[CVE-2019-1247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1247>)9.3Critical \n[CVE-2019-1290](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1290>)9.3Critical \n[CVE-2019-1269](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1269>)7.2High \n[CVE-2019-1244](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1244>)4.3Warning \n[CVE-2019-1253](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1253>)7.2High \n[CVE-2019-1267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1267>)7.2High \n[CVE-2019-1280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1280>)9.3Critical \n[CVE-2019-1287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1287>)4.6Warning \n[CVE-2019-1277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1277>)4.6Warning \n[CVE-2019-1268](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1268>)7.2High \n[CVE-2019-1285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1285>)7.2High \n[CVE-2019-0928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0928>)5.5High \n[CVE-2019-1289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1289>)3.6Warning \n[CVE-2019-1219](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1219>)2.1Warning 
\n[CVE-2019-1214](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1214>)7.2High \n[CVE-2019-1243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1243>)9.3Critical \n[CVE-2019-1282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1282>)2.1Warning \n[CVE-2019-1274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1274>)2.1Warning \n[CVE-2019-1294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1294>)2.1Warning \n[CVE-2019-1235](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1235>)7.2High \n[CVE-2019-1254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1254>)2.1Warning \n[CVE-2019-1245](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1245>)4.3Warning\n\n### *KB list*:\n[4516066](<http://support.microsoft.com/kb/4516066>) \n[4516068](<http://support.microsoft.com/kb/4516068>) \n[4516064](<http://support.microsoft.com/kb/4516064>) \n[4515384](<http://support.microsoft.com/kb/4515384>) \n[4516044](<http://support.microsoft.com/kb/4516044>) \n[4512578](<http://support.microsoft.com/kb/4512578>) \n[4516058](<http://support.microsoft.com/kb/4516058>) \n[4516067](<http://support.microsoft.com/kb/4516067>) \n[4516062](<http://support.microsoft.com/kb/4516062>) \n[4516055](<http://support.microsoft.com/kb/4516055>) \n[4516070](<http://support.microsoft.com/kb/4516070>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "kaspersky", "title": "KLA11552 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0787", "CVE-2019-0788", "CVE-2019-0928", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1216", "CVE-2019-1219", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1273", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1294", "CVE-2019-1303"], "modified": "2020-07-22T00:00:00", "id": "KLA11552", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11552/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T15:26:38", "description": "The remote Windows host is missing security update 4516044.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). 
This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. 
An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2019-1216)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. 
(CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221) \n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4516044: Windows 10 Version 1607 and Windows Server 2016 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0928", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1216", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1252", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1274", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1298", 
"CVE-2019-1300"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4516044.NASL", "href": "https://www.tenable.com/plugins/nessus/128637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128637);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2019-0928\",\n \"CVE-2019-1138\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1216\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1252\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1274\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n \"CVE-2019-1293\",\n \"CVE-2019-1298\",\n \"CVE-2019-1300\"\n );\n script_xref(name:\"MSKB\", value:\"4516044\");\n script_xref(name:\"MSFT\", value:\"MS19-4516044\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4516044: Windows 10 Version 1607 and Windows Server 2016 September 2019 Security Update\");\n script_summary(english:\"Checks for 
rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4516044.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. 
An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. 
(CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2019-1216)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. 
(CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n \n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1138, CVE-2019-1237, \n CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4516044/windows-10-update-kb4516044\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?743596fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4516044.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4516044');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4516044])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:25:32", "description": "The remote Windows host is missing security update 4512578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). 
This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. 
An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages. (CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
(CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221) \n - An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. (CVE-2019-1299)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4512578: Windows 10 Version 1809 and Windows Server 2019 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1217", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1273", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", 
"CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1294", "CVE-2019-1298", "CVE-2019-1299", "CVE-2019-1300", "CVE-2019-1303"], "modified": "2022-03-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4512578.NASL", "href": "https://www.tenable.com/plugins/nessus/128634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128634);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2019-1138\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1217\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1251\",\n \"CVE-2019-1252\",\n \"CVE-2019-1253\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1273\",\n \"CVE-2019-1274\",\n \"CVE-2019-1277\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n \"CVE-2019-1293\",\n \"CVE-2019-1294\",\n \"CVE-2019-1298\",\n \"CVE-2019-1299\",\n \"CVE-2019-1300\",\n \"CVE-2019-1303\"\n );\n script_xref(name:\"MSKB\", 
value:\"4512578\");\n script_xref(name:\"MSFT\", value:\"MS19-4512578\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4512578: Windows 10 Version 1809 and Windows Server 2019 September 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. 
An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when\n Active Directory Federation Services (ADFS) does not\n properly sanitize certain error messages. An\n authenticated attacker could exploit the vulnerability\n by sending a specially crafted request to an affected\n ADFS server. The attacker who successfully exploited the\n vulnerability could then perform cross-site scripting\n attacks on affected systems and run scripts in the\n security context of the current user. The attacks could\n allow the attacker to read content that the attacker is\n not authorized to read, use the victim's identity to\n take actions on the ADFS site on behalf of the user,\n such as change permissions and delete content, and\n inject malicious content in the browser of the user. The\n security update addresses the vulnerability by helping\n to ensure that ADFS error handling properly sanitizes\n error messages. (CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in\n Windows Audio Service when a malformed parameter is\n processed. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges when used in conjunction with another\n vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1268)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. 
(CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n \n - An information disclosure vulnerability exists when\n Microsoft Edge based on Edge HTML improperly handles\n objects in memory. (CVE-2019-1299)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1138, CVE-2019-1217, \n CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4512578/windows-10-update-kb4512578\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6526f6a3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512578.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4512578');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512578])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:55:35", "description": "The remote Windows host is missing security update 4516068.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). 
This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. 
An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.\n (CVE-2019-1216)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4516068: Windows 10 Version 1703 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0787", "CVE-2019-0788", "CVE-2019-0928", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1216", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", 
"CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1298", "CVE-2019-1300", "CVE-2019-1303"], "modified": "2023-01-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4516068.NASL", "href": "https://www.tenable.com/plugins/nessus/128643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128643);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/25\");\n\n script_cve_id(\n \"CVE-2019-0787\",\n \"CVE-2019-0788\",\n \"CVE-2019-0928\",\n \"CVE-2019-1138\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1216\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1251\",\n \"CVE-2019-1252\",\n \"CVE-2019-1253\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1274\",\n \"CVE-2019-1277\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n \"CVE-2019-1293\",\n \"CVE-2019-1298\",\n \"CVE-2019-1300\",\n \"CVE-2019-1303\"\n );\n script_xref(name:\"MSKB\", value:\"4516068\");\n script_xref(name:\"MSFT\", 
value:\"MS19-4516068\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4516068: Windows 10 Version 1703 September 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4516068.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. 
An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - An elevation of privilege vulnerability exists in\n Windows Audio Service when a malformed parameter is\n processed. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges when used in conjunction with another\n vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290,\n CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - An information disclosure vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how DirectX handles objects in memory.\n (CVE-2019-1216)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1138, CVE-2019-1237, \n CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4516068/windows-10-update-kb4516068\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f71ef8eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4516068.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4516068');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4516068])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:46:55", "description": "The remote Windows host is missing 
security update 4516066.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. 
An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. 
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. 
(CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4516066: Windows 10 Version 1709 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0787", "CVE-2019-0788", "CVE-2019-0928", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", 
"CVE-2019-1293", "CVE-2019-1298", "CVE-2019-1300", "CVE-2019-1303"], "modified": "2023-01-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4516066.NASL", "href": "https://www.tenable.com/plugins/nessus/128641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128641);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/25\");\n\n script_cve_id(\n \"CVE-2019-0787\",\n \"CVE-2019-0788\",\n \"CVE-2019-0928\",\n \"CVE-2019-1138\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1251\",\n \"CVE-2019-1252\",\n \"CVE-2019-1253\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1274\",\n \"CVE-2019-1277\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n \"CVE-2019-1293\",\n \"CVE-2019-1298\",\n \"CVE-2019-1300\",\n \"CVE-2019-1303\"\n );\n script_xref(name:\"MSKB\", value:\"4516066\");\n script_xref(name:\"MSFT\", value:\"MS19-4516066\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4516066: Windows 10 Version 1709 September 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4516066.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. 
An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). 
An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - An elevation of privilege vulnerability exists in\n Windows Audio Service when a malformed parameter is\n processed. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges when used in conjunction with another\n vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290,\n CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. 
An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1138, CVE-2019-1237, \n CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4516066/windows-10-update-kb4516066\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7632e34\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4516066.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4516066');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build == \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4516066])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:26:13", "description": "The remote Windows host is missing security update 4515384.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege 
vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. 
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. 
An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages. (CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1268)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221) \n - An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. (CVE-2019-1299)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4515384: Windows 10 Version 1903 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0787", "CVE-2019-0788", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1217", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1273", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", 
"CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1294", "CVE-2019-1298", "CVE-2019-1299", "CVE-2019-1300", "CVE-2019-1303"], "modified": "2022-03-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4515384.NASL", "href": "https://www.tenable.com/plugins/nessus/128635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128635);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/28\");\n\n script_cve_id(\n \"CVE-2019-0787\",\n \"CVE-2019-0788\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1217\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1251\",\n \"CVE-2019-1252\",\n \"CVE-2019-1253\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1273\",\n \"CVE-2019-1274\",\n \"CVE-2019-1277\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n 
\"CVE-2019-1293\",\n \"CVE-2019-1294\",\n \"CVE-2019-1298\",\n \"CVE-2019-1299\",\n \"CVE-2019-1300\",\n \"CVE-2019-1303\"\n );\n script_xref(name:\"MSKB\", value:\"4515384\");\n script_xref(name:\"MSFT\", value:\"MS19-4515384\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4515384: Windows 10 Version 1903 September 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4515384.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. 
(CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. 
(CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when\n Active Directory Federation Services (ADFS) does not\n properly sanitize certain error messages. An\n authenticated attacker could exploit the vulnerability\n by sending a specially crafted request to an affected\n ADFS server. The attacker who successfully exploited the\n vulnerability could then perform cross-site scripting\n attacks on affected systems and run scripts in the\n security context of the current user. The attacks could\n allow the attacker to read content that the attacker is\n not authorized to read, use the victim's identity to\n take actions on the ADFS site on behalf of the user,\n such as change permissions and delete content, and\n inject malicious content in the browser of the user. The\n security update addresses the vulnerability by helping\n to ensure that ADFS error handling properly sanitizes\n error messages. 
(CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in\n Windows Audio Service when a malformed parameter is\n processed. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges when used in conjunction with another\n vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. 
An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290,\n CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1268)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n \n - An information disclosure vulnerability exists when\n Microsoft Edge based on Edge HTML improperly handles\n objects in memory. (CVE-2019-1299)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1138, CVE-2019-1217, \n CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4515384/windows-10-update-kb4515384\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d2e1505\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4515384.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4515384');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4515384])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T14:56:40", "description": "The remote Windows host is missing security update 4516058.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). 
This only affects systems that have installed an IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. (CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. 
(CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. 
An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages. (CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "KB4516058: Windows 10 Version 1803 September 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0787", "CVE-2019-0788", "CVE-2019-0928", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1217", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1232", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1273", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1280", "CVE-2019-1282", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", 
"CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1294", "CVE-2019-1298", "CVE-2019-1300", "CVE-2019-1303"], "modified": "2023-01-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_SEP_4516058.NASL", "href": "https://www.tenable.com/plugins/nessus/128639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128639);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/25\");\n\n script_cve_id(\n \"CVE-2019-0787\",\n \"CVE-2019-0788\",\n \"CVE-2019-0928\",\n \"CVE-2019-1138\",\n \"CVE-2019-1142\",\n \"CVE-2019-1208\",\n \"CVE-2019-1214\",\n \"CVE-2019-1215\",\n \"CVE-2019-1217\",\n \"CVE-2019-1219\",\n \"CVE-2019-1220\",\n \"CVE-2019-1221\",\n \"CVE-2019-1232\",\n \"CVE-2019-1235\",\n \"CVE-2019-1236\",\n \"CVE-2019-1237\",\n \"CVE-2019-1240\",\n \"CVE-2019-1241\",\n \"CVE-2019-1242\",\n \"CVE-2019-1243\",\n \"CVE-2019-1244\",\n \"CVE-2019-1245\",\n \"CVE-2019-1246\",\n \"CVE-2019-1247\",\n \"CVE-2019-1248\",\n \"CVE-2019-1249\",\n \"CVE-2019-1250\",\n \"CVE-2019-1251\",\n \"CVE-2019-1252\",\n \"CVE-2019-1253\",\n \"CVE-2019-1254\",\n \"CVE-2019-1256\",\n \"CVE-2019-1267\",\n \"CVE-2019-1268\",\n \"CVE-2019-1269\",\n \"CVE-2019-1270\",\n \"CVE-2019-1271\",\n \"CVE-2019-1272\",\n \"CVE-2019-1273\",\n \"CVE-2019-1274\",\n \"CVE-2019-1277\",\n \"CVE-2019-1278\",\n \"CVE-2019-1280\",\n \"CVE-2019-1282\",\n \"CVE-2019-1285\",\n \"CVE-2019-1286\",\n \"CVE-2019-1287\",\n \"CVE-2019-1289\",\n \"CVE-2019-1290\",\n \"CVE-2019-1291\",\n \"CVE-2019-1292\",\n \"CVE-2019-1293\",\n \"CVE-2019-1294\",\n \"CVE-2019-1298\",\n \"CVE-2019-1300\",\n 
\"CVE-2019-1303\"\n );\n script_xref(name:\"MSKB\", value:\"4516058\");\n script_xref(name:\"MSFT\", value:\"MS19-4516058\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4516058: Windows 10 Version 1803 September 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4516058.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Text Service Framework (TSF) when the TSF server\n process does not validate the source of input or\n commands it receives. An attacker who successfully\n exploited this vulnerability could inject commands or\n read input sent through a malicious Input Method Editor\n (IME). This only affects systems that have installed an\n IME. (CVE-2019-1235)\n\n - An information disclosure exists in the Windows Common\n Log File System (CLFS) driver when it fails to properly\n handle sandbox checks. An attacker who successfully\n exploited this vulnerability could potentially read data\n outside their expected limits. (CVE-2019-1282)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1274)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V writes uninitialized memory to disk. An\n attacker could exploit the vulnerability by reading a\n file to recover kernel memory. 
(CVE-2019-1254)\n\n - An elevation of privilege vulnerability exists when the\n Windows Update Delivery Optimization does not properly\n enforce file share permissions. An attacker who\n successfully exploited the vulnerability could overwrite\n files that require higher privileges than what the\n attacker already has. (CVE-2019-1289)\n\n - An elevation of privilege vulnerability exists when the\n .NET Framework common language runtime (CLR) allows file\n creation in arbitrary locations. An attacker who\n successfully exploited this vulnerability could write\n files to folders that require higher privileges than\n what the attacker already has. (CVE-2019-1142)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1240, CVE-2019-1241, CVE-2019-1242,\n CVE-2019-1243, CVE-2019-1246, CVE-2019-1247,\n CVE-2019-1248, CVE-2019-1249, CVE-2019-1250)\n\n - An elevation of privilege vulnerability exists in\n Windows store installer where WindowsApps directory is\n vulnerable to symbolic link attack. An attacker who\n successfully exploited this vulnerability could bypass\n access restrictions to add or remove files.\n (CVE-2019-1270)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Compatibility Appraiser where a configuration\n file, with local privileges, is vulnerable to symbolic\n link and hard link attacks. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. 
(CVE-2019-1267)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1269, CVE-2019-1272)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1280)\n\n - An information disclosure vulnerability exists in\n Windows when the Windows SMB Client kernel-mode driver\n fails to properly handle objects in memory. An attacker\n who successfully exploited the vulnerability could\n potentially disclose contents of System memory.\n (CVE-2019-1293)\n\n - A cross-site-scripting (XSS) vulnerability exists when\n Active Directory Federation Services (ADFS) does not\n properly sanitize certain error messages. An\n authenticated attacker could exploit the vulnerability\n by sending a specially crafted request to an affected\n ADFS server. The attacker who successfully exploited the\n vulnerability could then perform cross-site scripting\n attacks on affected systems and run scripts in the\n security context of the current user. The attacks could\n allow the attacker to read content that the attacker is\n not authorized to read, use the victim's identity to\n take actions on the ADFS site on behalf of the user,\n such as change permissions and delete content, and\n inject malicious content in the browser of the user. The\n security update addresses the vulnerability by helping\n to ensure that ADFS error handling properly sanitizes\n error messages. 
(CVE-2019-1273)\n\n - An elevation of privilege vulnerability exists in\n Windows Audio Service when a malformed parameter is\n processed. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges when used in conjunction with another\n vulnerability. (CVE-2019-1277)\n\n - An elevation of privilege vulnerability exists when the\n Diagnostics Hub Standard Collector Service improperly\n impersonates certain file operations. An attacker who\n successfully exploited this vulnerability could gain\n elevated privileges. An attacker with unprivileged\n access to a vulnerable system could exploit this\n vulnerability. The security update addresses the\n vulnerability by ensuring the Diagnostics Hub Standard\n Collector Service properly impersonates file operations.\n (CVE-2019-1232)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1256, CVE-2019-1285)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1253, CVE-2019-1303)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1208, CVE-2019-1236)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network Connectivity Assistant\n handles objects in memory. 
An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1287)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290,\n CVE-2019-1291)\n\n - A security feature bypass vulnerability exists when\n Microsoft Browsers fail to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-1220)\n\n - An elevation of privilege exists when Winlogon does not\n properly handle file path information. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1268)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0928)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-1214)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1252, CVE-2019-1286)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1244, CVE-2019-1245, CVE-2019-1251)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1294)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1278)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1292)\n\n - An elevation of privilege exists in hdAudio.sys which\n may lead to an out of band write. An attacker who\n successfully exploited this vulnerability could run\n processes in an elevated context. 
An attacker could then\n install programs; view, change or delete data.\n (CVE-2019-1271)\n\n - An information disclosure vulnerability exists when the\n Windows Transaction Manager improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could potentially read data that was not\n intended to be disclosed. (CVE-2019-1219)\n\n - An elevation of privilege vulnerability exists in the\n way that ws2ifsl.sys (Winsock) handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n privileges. (CVE-2019-1215)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1221)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1138, CVE-2019-1217, \n CVE-2019-1237, CVE-2019-1298, CVE-2019-1300)\");\n # https://support.microsoft.com/en-us/help/4516058/windows-10-update-kb4516058\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7d71b8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4516058.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1291\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-09\";\nkbs = make_list('4516058');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"09_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4516058])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:40:58", "description": "This host is missing a critical security\n update according to Microsoft KB4516044", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4516044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", 
"CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", "CVE-2019-1236", "CVE-2019-1216", "CVE-2019-1250", "CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1256", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1142", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-0928", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815457", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815457\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-0928\", \"CVE-2019-11091\", \"CVE-2019-1138\",\n \"CVE-2019-1142\", \"CVE-2019-1208\", \"CVE-2019-1214\", \"CVE-2019-1215\",\n \"CVE-2019-1216\", \"CVE-2019-1219\", \"CVE-2019-1220\", \"CVE-2019-1221\",\n \"CVE-2019-1232\", \"CVE-2019-1235\", \"CVE-2019-1236\", \"CVE-2019-1237\",\n \"CVE-2019-1240\", \"CVE-2019-1241\", \"CVE-2019-1242\", \"CVE-2019-1243\",\n \"CVE-2019-1244\", \"CVE-2019-1245\", \"CVE-2019-1246\", \"CVE-2019-1247\",\n \"CVE-2019-1248\", \"CVE-2019-1249\", \"CVE-2019-1250\", \"CVE-2019-1252\",\n \"CVE-2019-1254\", \"CVE-2019-1256\", \"CVE-2019-1267\", \"CVE-2019-1268\",\n \"CVE-2019-1269\", \"CVE-2019-1270\", \"CVE-2019-1271\", \"CVE-2019-1272\",\n \"CVE-2019-1274\", \"CVE-2019-1278\", \"CVE-2019-1280\", \"CVE-2019-1282\",\n \"CVE-2019-1285\", \"CVE-2019-1286\", \"CVE-2019-1287\", \"CVE-2019-1289\",\n \"CVE-2019-1290\", \"CVE-2019-1291\", \"CVE-2019-1292\", \"CVE-2019-1293\",\n \"CVE-2019-1298\", \"CVE-2019-1300\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 10:33:03 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4516044)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4516044\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - Diagnostics Hub Standard Collector Service improperly impersonates\n certain file operations.\n\n - Windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - DirectX improperly handles objects in memory.\n\n - Windows Transaction Manager improperly handles objects in memory.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges, execute code with elevated permissions, obtain\n information to further compromise the user's system and cause a target\n system to stop responding.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4516044\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nexeVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntoskrnl.exe\");\nif(!exeVer)\n exit(0);\n\nif(version_in_range(version:exeVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3203\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntoskrnl.exe\",\n file_version:exeVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3203\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:26", "description": "This host is missing a critical security\n update according to Microsoft KB4516058", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4516058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", "CVE-2019-1217", "CVE-2019-1253", "CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", "CVE-2019-1236", 
"CVE-2019-1250", "CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1303", "CVE-2019-1256", "CVE-2019-1277", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1294", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1251", "CVE-2019-1142", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-1273", "CVE-2019-0928", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815459", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815459", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815459\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-0928\", \"CVE-2019-11091\", \"CVE-2019-1138\",\n \"CVE-2019-1142\", \"CVE-2019-1208\", \"CVE-2019-1214\", \"CVE-2019-1215\",\n \"CVE-2019-1217\", \"CVE-2019-1219\", \"CVE-2019-1220\", \"CVE-2019-1221\",\n \"CVE-2019-1232\", \"CVE-2019-1235\", \"CVE-2019-1236\", \"CVE-2019-1237\",\n \"CVE-2019-1240\", \"CVE-2019-1241\", \"CVE-2019-1242\", \"CVE-2019-1243\",\n \"CVE-2019-1244\", \"CVE-2019-1245\", \"CVE-2019-1246\", \"CVE-2019-1247\",\n \"CVE-2019-1248\", \"CVE-2019-1249\", \"CVE-2019-1250\", \"CVE-2019-1251\",\n \"CVE-2019-1252\", \"CVE-2019-1253\", \"CVE-2019-1254\", \"CVE-2019-1256\",\n \"CVE-2019-1267\", \"CVE-2019-1268\", \"CVE-2019-1269\", \"CVE-2019-1270\",\n \"CVE-2019-1271\", \"CVE-2019-1272\", \"CVE-2019-1273\", \"CVE-2019-1274\",\n \"CVE-2019-1277\", \"CVE-2019-1278\", \"CVE-2019-1280\", \"CVE-2019-1282\",\n \"CVE-2019-1285\", \"CVE-2019-1286\", \"CVE-2019-1287\", \"CVE-2019-1289\",\n \"CVE-2019-1290\", \"CVE-2019-1291\", \"CVE-2019-1292\", \"CVE-2019-1293\",\n \"CVE-2019-1294\", \"CVE-2019-1298\", \"CVE-2019-1300\", \"CVE-2019-1303\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 10:55:50 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4516058)\");\n\n 
script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4516058\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - Diagnostics Hub Standard Collector Service improperly impersonates certain\n file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n - Active Directory Federation Services (ADFS) does not properly sanitize\n certain error messages.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges, execute code with elevated permissions, obtain\n information to further compromise the user's system and cause a target\n system to stop responding.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4516058\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.1005\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.1005\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:42", "description": "This host is missing a critical security\n update according to Microsoft KB4516066", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4516066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", "CVE-2019-1253", "CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", "CVE-2019-1236", "CVE-2019-1250", 
"CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1303", "CVE-2019-1256", "CVE-2019-1277", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1251", "CVE-2019-1142", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-0928", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815454", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815454\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-0928\", \"CVE-2019-11091\", \"CVE-2019-1138\",\n \"CVE-2019-1142\", \"CVE-2019-1208\", \"CVE-2019-1214\", \"CVE-2019-1215\",\n \"CVE-2019-1219\", \"CVE-2019-1220\", \"CVE-2019-1221\", \"CVE-2019-1232\",\n \"CVE-2019-1235\", \"CVE-2019-1236\", \"CVE-2019-1237\", \"CVE-2019-1240\",\n \"CVE-2019-1241\", \"CVE-2019-1242\", \"CVE-2019-1243\", \"CVE-2019-1244\",\n \"CVE-2019-1245\", \"CVE-2019-1246\", \"CVE-2019-1247\", \"CVE-2019-1248\",\n \"CVE-2019-1249\", \"CVE-2019-1250\", \"CVE-2019-1251\", \"CVE-2019-1252\",\n \"CVE-2019-1253\", \"CVE-2019-1254\", \"CVE-2019-1256\", \"CVE-2019-1267\",\n \"CVE-2019-1268\", \"CVE-2019-1269\", \"CVE-2019-1270\", \"CVE-2019-1271\",\n \"CVE-2019-1272\", \"CVE-2019-1274\", \"CVE-2019-1277\", \"CVE-2019-1278\",\n \"CVE-2019-1280\", \"CVE-2019-1282\", \"CVE-2019-1285\", \"CVE-2019-1286\",\n \"CVE-2019-1287\", \"CVE-2019-1289\", \"CVE-2019-1290\", \"CVE-2019-1291\",\n \"CVE-2019-1292\", \"CVE-2019-1293\", \"CVE-2019-1298\", \"CVE-2019-1300\",\n \"CVE-2019-1303\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 09:21:36 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4516066)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n 
update according to Microsoft KB4516066\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - Diagnostics Hub Standard Collector Service improperly impersonates certain\n file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n - Windows Transaction Manager improperly handles objects in memory.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\n\n - DirectWrite improperly discloses the contents of its memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, gain the same user rights as the\n current user, bypass access restrictions to add or remove files and obtain\n information to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4516066\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1386\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1386\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:13", "description": "This host is missing a critical security\n update according to Microsoft KB4516068", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4516068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", "CVE-2019-1253", "CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", "CVE-2019-1236", "CVE-2019-1216", "CVE-2019-1250", 
"CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1303", "CVE-2019-1256", "CVE-2019-1277", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1251", "CVE-2019-1142", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-0928", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815455", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815455\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-0928\", \"CVE-2019-11091\", \"CVE-2019-1138\",\n \"CVE-2019-1142\", \"CVE-2019-1208\", \"CVE-2019-1214\", \"CVE-2019-1215\",\n \"CVE-2019-1216\", \"CVE-2019-1219\", \"CVE-2019-1220\", \"CVE-2019-1221\",\n \"CVE-2019-1232\", \"CVE-2019-1235\", \"CVE-2019-1236\", \"CVE-2019-1237\",\n \"CVE-2019-1240\", \"CVE-2019-1241\", \"CVE-2019-1242\", \"CVE-2019-1243\",\n \"CVE-2019-1244\", \"CVE-2019-1245\", \"CVE-2019-1246\", \"CVE-2019-1247\",\n \"CVE-2019-1248\", \"CVE-2019-1249\", \"CVE-2019-1250\", \"CVE-2019-1251\",\n \"CVE-2019-1252\", \"CVE-2019-1253\", \"CVE-2019-1254\", \"CVE-2019-1256\",\n \"CVE-2019-1267\", \"CVE-2019-1268\", \"CVE-2019-1269\", \"CVE-2019-1270\",\n \"CVE-2019-1271\", \"CVE-2019-1272\", \"CVE-2019-1274\", \"CVE-2019-1277\",\n \"CVE-2019-1278\", \"CVE-2019-1280\", \"CVE-2019-1282\", \"CVE-2019-1285\",\n \"CVE-2019-1286\", \"CVE-2019-1287\", \"CVE-2019-1289\", \"CVE-2019-1290\",\n \"CVE-2019-1291\", \"CVE-2019-1292\", \"CVE-2019-1293\", \"CVE-2019-1298\",\n \"CVE-2019-1300\", \"CVE-2019-1303\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 10:02:30 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4516068)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a 
critical security\n update according to Microsoft KB4516068\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - Diagnostics Hub Standard Collector Service improperly impersonates\n certain file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - DirectX improperly handles objects in memory.\n\n - Windows Transaction Manager improperly handles objects in memory.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\n\n - Windows Update Delivery Optimization does not properly enforce file share\n permissions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, gain elevated privileges, obtain\n information to further compromise the user's system and cause a target system\n to stop responding.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4516068\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.2044\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.2044\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:42", "description": "This host is missing a critical security\n update according to Microsoft KB4515384", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4515384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2019-1299", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", "CVE-2019-1217", "CVE-2019-1253", "CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", 
"CVE-2019-1236", "CVE-2019-1250", "CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1303", "CVE-2019-1256", "CVE-2019-1277", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1294", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1251", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-1273", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815456", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815456\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-11091\", \"CVE-2019-1138\", \"CVE-2019-1208\",\n \"CVE-2019-1214\", \"CVE-2019-1215\", \"CVE-2019-1217\", \"CVE-2019-1219\",\n \"CVE-2019-1220\", \"CVE-2019-1221\", \"CVE-2019-1232\", \"CVE-2019-1235\",\n \"CVE-2019-1236\", \"CVE-2019-1237\", \"CVE-2019-1240\", \"CVE-2019-1241\",\n \"CVE-2019-1242\", \"CVE-2019-1243\", \"CVE-2019-1244\", \"CVE-2019-1245\",\n \"CVE-2019-1246\", \"CVE-2019-1247\", \"CVE-2019-1248\", \"CVE-2019-1249\",\n \"CVE-2019-1250\", \"CVE-2019-1251\", \"CVE-2019-1252\", \"CVE-2019-1253\",\n \"CVE-2019-1254\", \"CVE-2019-1256\", \"CVE-2019-1267\", \"CVE-2019-1268\",\n \"CVE-2019-1269\", \"CVE-2019-1270\", \"CVE-2019-1271\", \"CVE-2019-1272\",\n \"CVE-2019-1273\", \"CVE-2019-1274\", \"CVE-2019-1277\", \"CVE-2019-1278\",\n \"CVE-2019-1280\", \"CVE-2019-1282\", \"CVE-2019-1285\", \"CVE-2019-1286\",\n \"CVE-2019-1287\", \"CVE-2019-1289\", \"CVE-2019-1290\", \"CVE-2019-1291\",\n \"CVE-2019-1292\", \"CVE-2019-1293\", \"CVE-2019-1294\", \"CVE-2019-1298\",\n \"CVE-2019-1299\", \"CVE-2019-1300\", \"CVE-2019-1303\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 10:18:11 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4515384)\");\n\n script_tag(name:\"summary\", value:\"This 
host is missing a critical security\n update according to Microsoft KB4515384\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - Diagnostics Hub Standard Collector Service improperly impersonates certain\n file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n - Active Directory Federation Services (ADFS) does not properly sanitize\n certain error messages.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges, execute code with elevated permissions, obtain\n information to further compromise the user's system and cause a target\n system to stop responding.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4515384\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nntlVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntoskrnl.exe\");\nif(!ntlVer)\n exit(0);\n\nif(version_in_range(version:ntlVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.355\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntoskrnl.exe\",\n file_version:ntlVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.355\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:42", "description": "This host is missing a critical security\n update according to Microsoft KB4512578", "cvss3": {}, "published": "2019-09-11T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1215", "CVE-2019-1240", "CVE-2019-1245", "CVE-2019-1280", "CVE-2019-1270", "CVE-2019-1299", "CVE-2018-12126", "CVE-2019-1237", "CVE-2019-1282", "CVE-2019-1274", "CVE-2019-1221", "CVE-2019-1247", "CVE-2019-1217", "CVE-2019-1253", "CVE-2019-1232", "CVE-2019-1242", "CVE-2019-1293", "CVE-2019-1241", "CVE-2019-1249", "CVE-2019-1286", "CVE-2019-1236", 
"CVE-2019-1250", "CVE-2019-1269", "CVE-2019-1291", "CVE-2019-1303", "CVE-2019-1256", "CVE-2019-1277", "CVE-2019-1248", "CVE-2018-12127", "CVE-2019-1287", "CVE-2019-1138", "CVE-2019-1278", "CVE-2019-1254", "CVE-2019-1220", "CVE-2019-0787", "CVE-2019-1214", "CVE-2019-1285", "CVE-2019-1290", "CVE-2019-0788", "CVE-2019-1300", "CVE-2019-1294", "CVE-2019-1268", "CVE-2019-1208", "CVE-2019-1272", "CVE-2019-1267", "CVE-2019-1292", "CVE-2019-1252", "CVE-2019-1235", "CVE-2019-1251", "CVE-2019-1289", "CVE-2019-1246", "CVE-2019-1273", "CVE-2019-1219", "CVE-2019-1271", "CVE-2019-1243", "CVE-2019-11091", "CVE-2019-1298", "CVE-2019-1244", "CVE-2018-12130"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815453", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815453\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0787\",\n \"CVE-2019-0788\", \"CVE-2019-11091\", \"CVE-2019-1138\", \"CVE-2019-1208\",\n \"CVE-2019-1214\", \"CVE-2019-1215\", \"CVE-2019-1217\", \"CVE-2019-1219\",\n \"CVE-2019-1220\", \"CVE-2019-1221\", \"CVE-2019-1232\", \"CVE-2019-1235\",\n \"CVE-2019-1236\", \"CVE-2019-1237\", \"CVE-2019-1240\", \"CVE-2019-1241\",\n \"CVE-2019-1242\", \"CVE-2019-1243\", \"CVE-2019-1244\", \"CVE-2019-1245\",\n \"CVE-2019-1246\", \"CVE-2019-1247\", \"CVE-2019-1248\", \"CVE-2019-1249\",\n \"CVE-2019-1250\", \"CVE-2019-1251\", \"CVE-2019-1252\", \"CVE-2019-1253\",\n \"CVE-2019-1254\", \"CVE-2019-1256\", \"CVE-2019-1267\", \"CVE-2019-1268\",\n \"CVE-2019-1269\", \"CVE-2019-1270\", \"CVE-2019-1271\", \"CVE-2019-1272\",\n \"CVE-2019-1273\", \"CVE-2019-1274\", \"CVE-2019-1277\", \"CVE-2019-1278\",\n \"CVE-2019-1280\", \"CVE-2019-1282\", \"CVE-2019-1285\", \"CVE-2019-1286\",\n \"CVE-2019-1287\", \"CVE-2019-1289\", \"CVE-2019-1290\", \"CVE-2019-1291\",\n \"CVE-2019-1292\", \"CVE-2019-1293\", \"CVE-2019-1294\", \"CVE-2019-1298\",\n \"CVE-2019-1299\", \"CVE-2019-1300\", \"CVE-2019-1303\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-11 08:46:29 +0530 (Wed, 11 Sep 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512578)\");\n\n script_tag(name:\"summary\", value:\"This 
host is missing a critical security\n update according to Microsoft KB4512578\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - An error in Windows Text Service Framework (TSF) when the TSF server process\n does not validate the source of input or commands it receives.\n\n - The Diagnostics Hub Standard Collector Service improperly impersonates\n certain file operations.\n\n - The Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n - Active Directory Federation Services (ADFS) does not properly sanitize\n certain error messages.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - An elevation of privilege exists in hdAudio.\n\n - DirectWrite improperly discloses the contents of its memory.\n\n - Windows AppX Deployment Server improperly handles junctions.\n\n - Windows kernel fails to properly initialize a memory address.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain elevated privileges, execute arbitrary code on a victim system, bypass\n access restrictions to add or remove files, potentially read data that was not\n intended to be disclosed and conduct cross site scripting attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512578\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.736\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.736\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-09-13T08:31:29", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 85 vulnerabilities, 19 of which are rated \u201ccritical,\" 65 that are considered \"important\" and one \"moderate.\" There is also a critical advisory relating to the latest update to Adobe Flash Player. 
\n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including the Jet Database Engine and the Hyper-V hypervisor. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/09/snort-rule-update-for-sept-10-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 19 critical vulnerabilities this month, all of which we will highlight below. \n \n[CVE-2019-1291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1291>), [CVE-2019-1290](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1290>), [CVE-2019-0788](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788>) and [CVE-2019-0787](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787>) are all remote code execution vulnerabilities in Windows Remote Desktop Protocol. An attacker can exploit these bugs by sending a specially crafted request to a client\u2019s RDP software. If successful, the attacker could then gain the ability to execute arbitrary code. These vulnerabilities are pre-authentication and require no user interaction. \n \n[CVE-2019-1257](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257>), [CVE-2019-1296](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296>) and [CVE-2019-1295](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295>) are remote code execution vulnerabilities in Microsoft SharePoint, a document manager and storage system. Some APIs in the software are exposed in unsafe ways, opening them up to exploitation if the user opens a specially crafted file. 
An attacker could exploit these vulnerabilities to gain the ability to execute code in the context of the SharePoint application pool and SharePoint server farm account. \n \n[CVE-2019-0719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0719>) and [CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>) are remote code execution vulnerabilities in the Windows Hyper-V hypervisor. These bugs arise when the Hyper-V Network Switch on a host server improperly validates input from an authenticated user on a guest operating system. An attacker could exploit these by running a specially crafted application on a guest OS, potentially causing the Hyper-V host OS to execute arbitrary code. \n \n[CVE-2019-1138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1138>), [CVE-2019-1217](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1217>), [CVE-2019-1237](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1237>), [CVE-2019-1298](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1298>) and [CVE-2019-1300](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1300>) are remote code execution vulnerabilities in Chakra Scripting Engine when the engine attempts to handle objects in memory in the Microsoft Edge web browser. An attacker could exploit these bugs to corrupt memory on the target system, and then gain the ability to execute arbitrary code on the victim machine. A user can only trigger these vulnerabilities by clicking on an attacker-created web site in Microsoft Edge or a malicious ad on another site. [CVE-2019-1221](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1221>) is similar to these vulnerabilities, only it exists in Internet Explorer's scripting engine. 
\n \n[CVE-2019-1208](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1208>) and [CVE-2019-1236](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1236>) are remote code executions in the VBScript engine that exist in the way the engine handles objects in memory. An attacker could exploit these vulnerabilities by tricking the user into visiting a specially crafted website on Internet Explorer. Additionally, they could embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that utilizes the Internet Explorer rendering engine. \n \n[CVE-2019-1280](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1280>) is a vulnerability in Microsoft Windows that could allow an attacker to execute arbitrary code if they trick a user into opening a specially crafted .LNK file. If successful, the attacker could gain the same user rights as the local user. \n \n[CVE-2019-1306](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306>) is a remote code execution vulnerability that exists in Azure DevOps Server and Team Foundation Server when the software improperly validates certain inputs. An attacker could exploit this bug by tricking the user into opening a specially crafted file with a vulnerable version of the .NET Framework or Visual Studio. Additionally, the user could open a malicious attachment in an email. If successful, the attacker could execute code with the same rights as the current user. \n \n\n\n### Important vulnerabilities\n\nThis release also contains 65 important vulnerabilities, five of which we will highlight below. 
\n \n[CVE-2019-1214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214>), [CVE-2019-1215](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215>) and [CVE-2019-1279](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1279>) are elevation of privilege vulnerabilities in the Windows Common Log File System (CLFS) driver. An attacker could exploit these bugs to run certain processes with elevated rights. An attacker would need to log onto the target system first, and then run a specially crafted application. Information from Microsoft states that malicious users have already exploited these vulnerabilities in the wild. \n \n[CVE-2019-1216](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1216>) and [CVE-2019-1219](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219>) are vulnerabilities in DirectX that an attacker could exploit to see the contents of kernel memory on the victim machine, which could allow them to execute additional attacks. These bugs exist in the way DirectX improperly handles objects in memory. 
\n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-0928](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0928>)\n * [CVE-2019-1142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142>)\n * [CVE-2019-1209](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209>)\n * [CVE-2019-1216](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1216>)\n * [CVE-2019-1219](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1219>)\n * [CVE-2019-1220](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1220>)\n * [CVE-2019-1230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1230>)\n * [CVE-2019-1231](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1231>)\n * [CVE-2019-1232](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232>)\n * [CVE-2019-1233](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1233>)\n * [CVE-2019-1235](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1235>)\n * [CVE-2019-1240](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1240>)\n * [CVE-2019-1241](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1241>)\n * [CVE-2019-1242](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1242>)\n * [CVE-2019-1243](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1243>)\n * [CVE-2019-1244](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1244>)\n * [CVE-2019-1245](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1245>)\n * 
[CVE-2019-1246](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1246>)\n * [CVE-2019-1247](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1247>)\n * [CVE-2019-1248](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1248>)\n * [CVE-2019-1249](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1249>)\n * [CVE-2019-1250](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1250>)\n * [CVE-2019-1251](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1251>)\n * [CVE-2019-1252](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1252>)\n * [CVE-2019-1253](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253>)\n * [CVE-2019-1254](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1254>)\n * [CVE-2019-1256](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1256>)\n * [CVE-2019-1260](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260>)\n * [CVE-2019-1261](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261>)\n * [CVE-2019-1262](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262>)\n * [CVE-2019-1263](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1263>)\n * [CVE-2019-1264](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1264>)\n * [CVE-2019-1265](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1265>)\n * [CVE-2019-1266](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1266>)\n * [CVE-2019-1267](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1267>)\n * [CVE-2019-1268](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1268>)\n * 
[CVE-2019-1269](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1269>)\n * [CVE-2019-1270](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1270>)\n * [CVE-2019-1271](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1271>)\n * [CVE-2019-1272](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1272>)\n * [CVE-2019-1273](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1273>)\n * [CVE-2019-1274](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1274>)\n * [CVE-2019-1277](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1277>)\n * [CVE-2019-1278](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1278>)\n * [CVE-2019-1281](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1281>)\n * [CVE-2019-1282](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1282c>)\n * [CVE-2019-1283](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1283>)\n * [CVE-2019-1284](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1284>)\n * [CVE-2019-1285](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1285>)\n * [CVE-2019-1286](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1286>)\n * [CVE-2019-1287](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1287>)\n * [CVE-2019-1289](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1289>)\n * [CVE-2019-1292](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1292>)\n * [CVE-2019-1293](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1293>)\n * [CVE-2019-1294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1294>)\n * 
[CVE-2019-1297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1297>)\n * [CVE-2019-1299](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1299>)\n * [CVE-2019-1301](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301>)\n * [CVE-2019-1302](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302>)\n * [CVE-2019-1303](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1303>)\n * [CVE-2019-1305](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305>)\n\n### Moderate vulnerability\n\nThere is one moderate vulnerability, [CVE-2019-1259](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259>), a spoofing vulnerability in Microsoft SharePoint. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 51436 - 51438, 51445, 51446, 51449 - 51452, 51454 - 51457, 51463 - 51465, 51479 - 51483\n\n", "cvss3": {}, "published": "2019-09-10T12:12:34", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Sept. 
2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-0787", "CVE-2019-0788", "CVE-2019-0928", "CVE-2019-1138", "CVE-2019-1142", "CVE-2019-1208", "CVE-2019-1209", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-1216", "CVE-2019-1217", "CVE-2019-1219", "CVE-2019-1220", "CVE-2019-1221", "CVE-2019-1230", "CVE-2019-1231", "CVE-2019-1232", "CVE-2019-1233", "CVE-2019-1235", "CVE-2019-1236", "CVE-2019-1237", "CVE-2019-1240", "CVE-2019-1241", "CVE-2019-1242", "CVE-2019-1243", "CVE-2019-1244", "CVE-2019-1245", "CVE-2019-1246", "CVE-2019-1247", "CVE-2019-1248", "CVE-2019-1249", "CVE-2019-1250", "CVE-2019-1251", "CVE-2019-1252", "CVE-2019-1253", "CVE-2019-1254", "CVE-2019-1256", "CVE-2019-1257", "CVE-2019-1259", "CVE-2019-1260", "CVE-2019-1261", "CVE-2019-1262", "CVE-2019-1263", "CVE-2019-1264", "CVE-2019-1265", "CVE-2019-1266", "CVE-2019-1267", "CVE-2019-1268", "CVE-2019-1269", "CVE-2019-1270", "CVE-2019-1271", "CVE-2019-1272", "CVE-2019-1273", "CVE-2019-1274", "CVE-2019-1277", "CVE-2019-1278", "CVE-2019-1279", "CVE-2019-1280", "CVE-2019-1281", "CVE-2019-1282", "CVE-2019-1283", "CVE-2019-1284", "CVE-2019-1285", "CVE-2019-1286", "CVE-2019-1287", "CVE-2019-1289", "CVE-2019-1290", "CVE-2019-1291", "CVE-2019-1292", "CVE-2019-1293", "CVE-2019-1294", "CVE-2019-1295", "CVE-2019-1296", "CVE-2019-1297", "CVE-2019-1298", "CVE-2019-1299", "CVE-2019-1300", "CVE-2019-1301", "CVE-2019-1302", "CVE-2019-1303", "CVE-2019-1305", "CVE-2019-1306"], "modified": "2019-09-10T12:12:34", "id": "TALOSBLOG:C3F889D9C3C954C42160A3C26034C2F6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/lHCx8PxxTeA/microsoft-patch-tuesday-sept-2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}