{"id": "MS:CVE-2019-1466", "bulletinFamily": "microsoft", "title": "Windows GDI Information Disclosure Vulnerability", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "published": "2019-12-11T08:00:00", "modified": "2019-12-11T08:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1466", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2019-1466"], "type": "mscve", "lastseen": "2020-08-07T11:45:33", "edition": 2, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-1466"]}, {"type": "symantec", "idList": ["SMNTC-111048"]}, {"type": "zdi", "idList": ["ZDI-19-1007"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815737", "OPENVAS:1361412562310815864", "OPENVAS:1361412562310815867", "OPENVAS:1361412562310815863", "OPENVAS:1361412562310815735", "OPENVAS:1361412562310815683", "OPENVAS:1361412562310815865", "OPENVAS:1361412562310815862"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_DEC_4530689.NASL", "SMB_NT_MS19_DEC_4530714.NASL", "SMB_NT_MS19_DEC_4530695.NASL", "SMB_NT_MS19_DEC_4530684.NASL", "SMB_NT_MS19_DEC_4530691.NASL", "SMB_NT_MS19_DEC_4530717.NASL", "SMB_NT_MS19_DEC_4530715.NASL", "SMB_NT_MS19_DEC_4530681.NASL", "SMB_NT_MS19_DEC_4530734.NASL", "SMB_NT_MS19_DEC_4530702.NASL"]}, {"type": "kaspersky", "idList": ["KLA11868", "KLA11862", "KLA11616"]}, {"type": "talosblog", "idList": ["TALOSBLOG:12856A82DEBDA69C67A87F8D8088BA8C"]}], "modified": "2020-08-07T11:45:33", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-08-07T11:45:33", "rev": 2}, "vulnersScore": 4.9}, "kbList": ["KB4530702", "KB4525243", "KB4530715", "KB4530734", "KB4530689", "KB4530681", "KB4525236", "KB4530714", "KB4525241", "KB4525246", "KB4530691", "KB4524570", "KB4525232", "KB4525235", "KB4530695", "KB4523205", "KB4530684", "KB4530717", "KB4525234", "KB4525237"], "msrc": "", "mscve": "CVE-2019-1466", "msAffectedSoftware": [{"kb": "KB4530715", "kbSupersedence": "KB4523205", "msplatform": "", "name": "Windows 10 Version 1809 for ARM64-based Systems"}, {"kb": "KB4530715", "kbSupersedence": "KB4523205", "msplatform": "", "name": "Windows Server 2019"}, {"kb": "KB4530717", "kbSupersedence": "KB4525237", "msplatform": "", "name": "Windows Server, version 1803 (Server Core Installation)"}, {"kb": "KB4530689", "kbSupersedence": "KB4525236", "msplatform": "", "name": "Windows 10 Version 1607 for x64-based Systems"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1909 for ARM64-based Systems"}, {"kb": "KB4530715", "kbSupersedence": "KB4523205", "msplatform": "", "name": "Windows 10 Version 1809 for x64-based Systems"}, {"kb": "KB4530734", "kbSupersedence": "KB4525235", "msplatform": "", "name": "Windows 7 for 32-bit Systems Service Pack 1"}, {"kb": "KB4530695", "kbSupersedence": "KB4525234", "msplatform": "", "name": "Windows Server 2008 for 32-bit Systems Service Pack 2"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1909 for 32-bit Systems"}, {"kb": "KB4530691", "kbSupersedence": "KB4525246", "msplatform": "", "name": "Windows Server 2012 (Server Core installation)"}, {"kb": "KB4530681", "kbSupersedence": "KB4525232", "msplatform": "", "name": "Windows 10 for 32-bit Systems"}, {"kb": "KB4530714", "kbSupersedence": "KB4525241", "msplatform": "", "name": "Windows 10 Version 1709 for x64-based Systems"}, {"kb": "KB4530702", "kbSupersedence": "KB4525243", "msplatform": "", "name": "Windows RT 8.1"}, {"kb": "KB4530689", "kbSupersedence": "KB4525236", "msplatform": "", "name": "Windows Server 2016"}, {"kb": "KB4530702", "kbSupersedence": "KB4525243", "msplatform": "", "name": "Windows 8.1 for 32-bit systems"}, {"kb": "KB4530695", "kbSupersedence": "KB4525234", "msplatform": "", "name": "Windows Server 2008 for x64-based Systems Service Pack 2"}, {"kb": "KB4530717", "kbSupersedence": "KB4525237", "msplatform": "", "name": "Windows 10 Version 1803 for x64-based Systems"}, {"kb": "KB4530717", "kbSupersedence": "KB4525237", "msplatform": "", "name": "Windows 10 Version 1803 for 32-bit Systems"}, {"kb": "KB4530689", "kbSupersedence": "KB4525236", "msplatform": "", "name": "Windows 10 Version 1607 for 32-bit Systems"}, {"kb": "KB4530689", "kbSupersedence": "KB4525236", "msplatform": "", "name": "Windows Server 2016 (Server Core installation)"}, {"kb": "KB4530714", "kbSupersedence": "KB4525241", "msplatform": "", "name": "Windows 10 Version 1709 for 32-bit Systems"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1903 for 32-bit Systems"}, {"kb": "KB4530714", "kbSupersedence": "KB4525241", "msplatform": "", "name": "Windows 10 Version 1709 for ARM64-based Systems"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1909 for x64-based Systems"}, {"kb": "KB4530715", "kbSupersedence": "KB4523205", "msplatform": "", "name": "Windows Server 2019 (Server Core installation)"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows Server, version 1909 (Server Core installation)"}, {"kb": "KB4530734", "kbSupersedence": "KB4525235", "msplatform": "", "name": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"}, {"kb": "KB4530702", "kbSupersedence": "KB4525243", "msplatform": "", "name": "Windows Server 2012 R2"}, {"kb": "KB4530695", "kbSupersedence": "KB4525234", "msplatform": "", "name": "Windows Server 2008 for Itanium-Based Systems Service Pack 2"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1903 for x64-based Systems"}, {"kb": "KB4530681", "kbSupersedence": "KB4525232", "msplatform": "", "name": "Windows 10 for x64-based Systems"}, {"kb": "KB4530734", "kbSupersedence": "KB4525235", "msplatform": "", "name": "Windows 7 for x64-based Systems Service Pack 1"}, {"kb": "KB4530702", "kbSupersedence": "KB4525243", "msplatform": "", "name": "Windows Server 2012 R2 (Server Core installation)"}, {"kb": "KB4530702", "kbSupersedence": "KB4525243", "msplatform": "", "name": "Windows 8.1 for x64-based systems"}, {"kb": "KB4530695", "kbSupersedence": "KB4525234", "msplatform": "", "name": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"}, {"kb": "KB4530715", "kbSupersedence": "KB4523205", "msplatform": "", "name": "Windows 10 Version 1809 for 32-bit Systems"}, {"kb": "KB4530734", "kbSupersedence": "KB4525235", "msplatform": "", "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"}, {"kb": "KB4530695", "kbSupersedence": "KB4525234", "msplatform": "", "name": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows 10 Version 1903 for ARM64-based Systems"}, {"kb": "KB4530691", "kbSupersedence": "KB4525246", "msplatform": "", "name": "Windows Server 2012"}, {"kb": "KB4530717", "kbSupersedence": "KB4525237", "msplatform": "", "name": "Windows 10 Version 1803 for ARM64-based Systems"}, {"kb": "KB4530734", "kbSupersedence": "KB4525235", "msplatform": "", "name": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"}, {"kb": "KB4530684", "kbSupersedence": "KB4524570", "msplatform": "", "name": "Windows Server, version 1903 (Server Core installation)"}], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T13:38:44", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-1466", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1466"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2019-1466", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1466", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2019-12-11T16:21:03", "bulletinFamily": "software", "cvelist": ["CVE-2019-1466"], "description": "### Description\n\nMicrosoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 Version 1909 for 32-bit Systems \n * Microsoft Windows 10 Version 1909 for ARM64-based Systems \n * Microsoft Windows 10 Version 1909 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 1909 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-12-10T00:00:00", "published": "2019-12-10T00:00:00", "id": "SMNTC-111048", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111048", "type": "symantec", "title": "Microsoft Windows GDI Component CVE-2019-1466 Information Disclosure Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2020-06-22T11:42:09", "bulletinFamily": "info", "cvelist": ["CVE-2019-1466"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2019-06-22T00:00:00", "published": "2019-12-11T00:00:00", "id": "ZDI-19-1007", "href": "https://www.zerodayinitiative.com/advisories/ZDI-19-1007/", "title": "Microsoft Windows EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-07-21T20:40:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530702", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815735", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530702)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815735\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1458\", \"CVE-2019-1465\", \"CVE-2019-1466\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1474\", \"CVE-2019-1484\", \"CVE-2019-1485\", \"CVE-2019-1488\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 11:44:25 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530702)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530702\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as,\n\n - Win32k component fails to properly handle objects in memory\n\n - win32k component improperly provides kernel information.\n\n - Windows kernel improperly handles objects in memory.\n\n - Microsoft Defender improperly handles specific buffers.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to elevate privileges, execute arbitrary code, read unauthorized\n information, bypass secuirty restrictions and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530702\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"inetcomm.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.19572\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Inetcomm.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.19572\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530681", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815867", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530681)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815867\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1465\", \"CVE-2019-1466\", \"CVE-2019-1488\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1472\", \"CVE-2019-1474\", \"CVE-2019-1484\", \"CVE-2019-1458\",\n \"CVE-2019-1485\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 09:28:10 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530681)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530681\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, escalate privileges and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530681\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Pcadm.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18426\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Pcadm.dll\",\n file_version:sysVer, vulnerable_range:\"10.0.10240.0 - 10.0.10240.18426\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530714", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815863", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815863", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530714)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815863\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1465\", \"CVE-2019-1466\", \"CVE-2019-1483\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1472\", \"CVE-2019-1474\", \"CVE-2019-1476\", \"CVE-2019-1484\",\n \"CVE-2019-1485\", \"CVE-2019-1488\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 09:28:10 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530714)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530714\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows AppX Deployment Server improperly handles junctions.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, escalate privileges and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530714\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Urlmon.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1564\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Urlmon.dll\",\n file_version:sysVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1564\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530689", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815862", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815862", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530689)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815862\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1458\", \"CVE-2019-1465\", \"CVE-2019-1466\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1472\", \"CVE-2019-1474\", \"CVE-2019-1476\", \"CVE-2019-1484\",\n \"CVE-2019-1485\", \"CVE-2019-1488\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 09:28:10 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530689)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530689\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, escalate privileges and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530689\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Gdi32full.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3383\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Gdi32full.dll\",\n file_version:sysVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3383\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530717", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815865", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530717)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815865\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1465\", \"CVE-2019-1466\", \"CVE-2019-1483\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1472\", \"CVE-2019-1474\", \"CVE-2019-1476\", \"CVE-2019-1484\",\n \"CVE-2019-1485\", \"CVE-2019-1488\", \"CVE-2019-1471\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 09:28:10 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530717)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530717\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows AppX Deployment Server improperly handles junctions.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, escalate privileges and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530717\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.1183\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:sysVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.1183\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1481", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1478", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1480", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530734", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815737", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530734)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815737\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1458\", \"CVE-2019-1465\", \"CVE-2019-1466\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1474\", \"CVE-2019-1478\", \"CVE-2019-1480\", \"CVE-2019-1481\",\n \"CVE-2019-1484\", \"CVE-2019-1485\", \"CVE-2019-1488\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 14:30:14 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530734)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530734\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Win32k component fails to properly handle objects in memory.\n\n - win32k component improperly provides kernel information.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows improperly handles COM object creation.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to\n execute arbitrary code, elevate privileges, gain access to sensitive information,\n cause denial of service and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530734/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntdll.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_is_less(version:dllVer, test_version:\"6.1.7601.24540\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntdll.dll\",\n file_version:dllVer, vulnerable_range:\"Less than 6.1.7601.24540\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1477", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530715", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815864", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815864", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530715)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815864\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1453\", \"CVE-2019-1465\", \"CVE-2019-1466\", \"CVE-2019-1483\",\n \"CVE-2019-1467\", \"CVE-2019-1468\", \"CVE-2019-1469\", \"CVE-2019-1470\",\n \"CVE-2019-1472\", \"CVE-2019-1474\", \"CVE-2019-1476\", \"CVE-2019-1484\",\n \"CVE-2019-1485\", \"CVE-2019-1488\", \"CVE-2019-1471\", \"CVE-2019-1477\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 09:28:10 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530715)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530715\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly handles objects in memory.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows AppX Deployment Server improperly handles junctions.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, escalate privileges and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530715\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\n# nb: csv wasn't updated for this information, taken based on patch\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"Rdpcorets.dll\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.913\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Rdpcorets.dll\",\n file_version:sysVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.913\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-0838", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2018-0859", "CVE-2019-1476", "CVE-2019-0860", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "This host is missing a critical security\n update according to Microsoft KB4530684", "modified": "2020-07-17T00:00:00", "published": "2019-12-11T00:00:00", "id": "OPENVAS:1361412562310815683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815683", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4530684)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815683\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-0859\", \"CVE-2019-0838\", \"CVE-2019-0860\", \"CVE-2019-1453\",\n \"CVE-2019-1465\", \"CVE-2019-1466\", \"CVE-2019-1467\", \"CVE-2019-1468\",\n \"CVE-2019-1469\", \"CVE-2019-1470\", \"CVE-2019-1471\", \"CVE-2019-1472\",\n \"CVE-2019-1474\", \"CVE-2019-1476\", \"CVE-2019-1483\", \"CVE-2019-1484\",\n \"CVE-2019-1485\", \"CVE-2019-1488\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-11 13:58:15 +0530 (Wed, 11 Dec 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4530684)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4530684\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when Windows Hyper-V on a host server fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error when the Windows kernel improperly handles objects in memory.\n\n - An error when Microsoft Defender improperly handles specific buffers.\n\n - An error when the Windows GDI component improperly discloses the contents\n of its memory.\n\n - An error when Microsoft Windows OLE fails to properly validate user input.\n\n - An error in the way that the VBScript engine handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain access to potentially sensitive information,\n trigger false positives for threat, escalate privileges, cause the RDP\n service on the target system to stop responding.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1909 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1909 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4530684\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Chakra.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"11.0.18362.0\", test_version2:\"11.0.18362.534\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Chakra.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.18362.0 - 11.0.18362.534\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-04-01T10:36:54", "description": "The remote Windows host is missing security update 4530698\nor cumulative update 4530691. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 9, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530698: Windows Server 2012 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530691.NASL", "href": "https://www.tenable.com/plugins/nessus/131928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131928);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1474\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530698\");\n script_xref(name:\"MSKB\", value:\"4530691\");\n script_xref(name:\"MSFT\", value:\"MS19-4530698\");\n script_xref(name:\"MSFT\", value:\"MS19-4530691\");\n\n script_name(english:\"KB4530698: Windows Server 2012 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530698\nor cumulative update 4530691. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n # https://support.microsoft.com/en-us/help/4530698/windows-server-2012-update-kb4530698\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41f8c8b1\");\n # https://support.microsoft.com/en-us/help/4530691/windows-server-2012-update-kb4530691\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c69ab12f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4530698 or Cumulative Update KB4530691.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530698', '4530691');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530698, 4530691])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T10:36:54", "description": "The remote Windows host is missing security update 4530719\nor cumulative update 4530695. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1478)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 9, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530719: Windows Server 2008 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1478", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530695.NASL", "href": "https://www.tenable.com/plugins/nessus/131929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131929);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1474\",\n \"CVE-2019-1478\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530719\");\n script_xref(name:\"MSKB\", value:\"4530695\");\n script_xref(name:\"MSFT\", value:\"MS19-4530719\");\n script_xref(name:\"MSFT\", value:\"MS19-4530695\");\n\n script_name(english:\"KB4530719: Windows Server 2008 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530719\nor cumulative update 4530695. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1478)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n # https://support.microsoft.com/en-us/help/4530719/windows-server-2008-update-kb4530719\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0050734\");\n # https://support.microsoft.com/en-us/help/4530695/windows-server-2008-update-kb4530695\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b9efd1a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4530719 or Cumulative Update KB4530695.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530695', '4530719');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530695, 4530719])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T10:36:55", "description": "The remote Windows host is missing security update 4530730\nor cumulative update 4530702. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 9, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530730: Windows 8.1 and Windows Server 2012 R2 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530702.NASL", "href": "https://www.tenable.com/plugins/nessus/131930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131930);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1474\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530702\");\n script_xref(name:\"MSKB\", value:\"4530730\");\n script_xref(name:\"MSFT\", value:\"MS19-4530702\");\n script_xref(name:\"MSFT\", value:\"MS19-4530730\");\n\n script_name(english:\"KB4530730: Windows 8.1 and Windows Server 2012 R2 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530730\nor cumulative update 4530702. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4530702/windows-8-1-kb4530702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4530730/windows-8-1-kb4530730\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4530730 or Cumulative Update KB4530702.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530702', '4530730');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530702, 4530730])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T10:36:55", "description": "The remote Windows host is missing security update 4530692\nor cumulative update 4530734. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1478)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 9, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530692: Windows 7 and Windows Server 2008 R2 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1478", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530734.NASL", "href": "https://www.tenable.com/plugins/nessus/131934", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131934);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1474\",\n \"CVE-2019-1478\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530734\");\n script_xref(name:\"MSKB\", value:\"4530692\");\n script_xref(name:\"MSFT\", value:\"MS19-4530734\");\n script_xref(name:\"MSFT\", value:\"MS19-4530692\");\n script_xref(name:\"IAVA\", value:\"2019-A-0450\");\n\n script_name(english:\"KB4530692: Windows 7 and Windows Server 2008 R2 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530692\nor cumulative update 4530734. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles COM object creation. An\n attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1478)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n # https://support.microsoft.com/en-us/help/4530734/windows-7-update-kb4530734\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89866a56\");\n # https://support.microsoft.com/en-us/help/4530692/windows-7-update-kb4530692\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abe20468\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4530692 or Cumulative Update KB4530734.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530734', '4530692');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530734, 4530692])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T10:36:54", "description": "The remote Windows host is missing security update 4530681.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 9, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530681: Windows 10 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530681.NASL", "href": "https://www.tenable.com/plugins/nessus/131925", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131925);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530681\");\n script_xref(name:\"MSFT\", value:\"MS19-4530681\");\n\n script_name(english:\"KB4530681: Windows 10 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530681.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n # https://support.microsoft.com/en-us/help/4530681/windows-10-update-kb4530681\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3629add0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530681.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530681');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530681])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-31T20:43:14", "description": "The remote Windows host is missing security update 4530714.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530714: Windows 10 Version 1709 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530714.NASL", "href": "https://www.tenable.com/plugins/nessus/131931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131931);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/27\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1476\",\n \"CVE-2019-1483\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530714\");\n script_xref(name:\"MSFT\", value:\"MS19-4530714\");\n\n script_name(english:\"KB4530714: Windows 10 Version 1709 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530714.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\");\n # https://support.microsoft.com/en-us/help/4530714/windows-10-update-kb4530714\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?17cbf480\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530714.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530714');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530714])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T10:36:54", "description": "The remote Windows host is missing security update 4530689.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530689: Windows 10 Version 1607 and Windows Server 2016 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1458", "CVE-2019-1469", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2019-12-10T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530689.NASL", "href": "https://www.tenable.com/plugins/nessus/131927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/31\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1458\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1476\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530689\");\n script_xref(name:\"MSFT\", value:\"MS19-4530689\");\n\n script_name(english:\"KB4530689: Windows 10 Version 1607 and Windows Server 2016 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530689.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1458)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\");\n # https://support.microsoft.com/en-us/help/4530689/windows-10-update-kb4530689\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bbafadd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530689.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530689');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530689])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:45:52", "description": "The remote Windows host is missing security update 4530684.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530684: Windows 10 Version 1903 and Windows 10 Version 1909 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530684.NASL", "href": "https://www.tenable.com/plugins/nessus/131926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131926);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2020/01/28\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1471\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1476\",\n \"CVE-2019-1483\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530684\");\n script_xref(name:\"MSFT\", value:\"MS19-4530684\");\n\n script_name(english:\"KB4530684: Windows 10 Version 1903 and Windows 10 Version 1909 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530684.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\");\n # https://support.microsoft.com/en-us/help/4530684/windows-10-update-kb4530684\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f732fcf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530684.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530684');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530684])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530684])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:45:54", "description": "The remote Windows host is missing security update 4530717.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530717: Windows 10 Version 1803 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530717.NASL", "href": "https://www.tenable.com/plugins/nessus/131933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131933);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1471\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1476\",\n \"CVE-2019-1483\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530717\");\n script_xref(name:\"MSFT\", value:\"MS19-4530717\");\n\n script_name(english:\"KB4530717: Windows 10 Version 1803 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530717.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\");\n # https://support.microsoft.com/en-us/help/4530717/windows-10-update-kb4530717\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c65293b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530717.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530717');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530717])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:45:54", "description": "The remote Windows host is missing security update 4530715.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Printer Service improperly validates file paths\n while loading printer drivers. An authenticated attacker\n who successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges.\n (CVE-2019-1477)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "title": "KB4530715: Windows 10 Version 1809 and Windows Server 2019 December 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1477", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_DEC_4530715.NASL", "href": "https://www.tenable.com/plugins/nessus/131932", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131932);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\n \"CVE-2019-1453\",\n \"CVE-2019-1465\",\n \"CVE-2019-1466\",\n \"CVE-2019-1467\",\n \"CVE-2019-1468\",\n \"CVE-2019-1469\",\n \"CVE-2019-1470\",\n \"CVE-2019-1471\",\n \"CVE-2019-1472\",\n \"CVE-2019-1474\",\n \"CVE-2019-1476\",\n \"CVE-2019-1477\",\n \"CVE-2019-1483\",\n \"CVE-2019-1484\",\n \"CVE-2019-1485\",\n \"CVE-2019-1488\"\n );\n script_xref(name:\"MSKB\", value:\"4530715\");\n script_xref(name:\"MSFT\", value:\"MS19-4530715\");\n\n script_name(english:\"KB4530715: Windows 10 Version 1809 and Windows Server 2019 December 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4530715.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1471)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows OLE fails to properly validate user\n input. An attacker could exploit the vulnerability to\n execute malicious code. (CVE-2019-1484)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1453)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1472, CVE-2019-1474)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Server improperly handles\n junctions. (CVE-2019-1483)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1469)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1468)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1465, CVE-2019-1466, CVE-2019-1467)\n\n - An elevation of privilege vulnerability exists when the\n Windows Printer Service improperly validates file paths\n while loading printer drivers. An authenticated attacker\n who successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges.\n (CVE-2019-1477)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1476)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-1470)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1485)\n\n - A security feature bypass vulnerability exists when\n Microsoft Defender improperly handles specific buffers.\n An attacker could exploit the vulnerability to trigger\n warnings and false positives when no threat is present.\n (CVE-2019-1488)\");\n # https://support.microsoft.com/en-us/help/4530715/windows-10-update-kb4530715\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a85b1357\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4530715.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-12\";\nkbs = make_list('4530715');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"12_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4530715])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:57:14", "bulletinFamily": "info", "cvelist": ["CVE-2019-1458", "CVE-2019-1481", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1478", "CVE-2019-1453", "CVE-2019-1485", "CVE-2019-1480", "CVE-2019-1484", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "### *Detect date*:\n12/10/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows 8.1 for x64-based systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2019 \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1470>) \n[CVE-2019-1466](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1466>) \n[CVE-2019-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1474>) \n[CVE-2019-1465](<https://nvd.nist.gov/vuln/detail/CVE-2019-1465>) \n[CVE-2019-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1484>) \n[CVE-2019-1478](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1478>) \n[CVE-2019-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1468>) \n[CVE-2019-1458](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1458>) \n[CVE-2019-1480](<https://nvd.nist.gov/vuln/detail/CVE-2019-1480>) \n[CVE-2019-1481](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1481>) \n[CVE-2019-1485](<https://nvd.nist.gov/vuln/detail/CVE-2019-1485>) \n[CVE-2019-1488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1488>) \n[CVE-2019-1453](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1453>) \n[CVE-2019-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1467>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1484>)0.0Unknown \n[CVE-2019-1488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1488>)0.0Unknown \n[CVE-2019-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1470>)0.0Unknown \n[CVE-2019-1453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1453>)0.0Unknown \n[CVE-2019-1465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1465>)0.0Unknown \n[CVE-2019-1458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1458>)0.0Unknown \n[CVE-2019-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1474>)0.0Unknown \n[CVE-2019-1481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1481>)0.0Unknown \n[CVE-2019-1480](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1480>)0.0Unknown \n[CVE-2019-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1467>)0.0Unknown \n[CVE-2019-1468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1468>)0.0Unknown \n[CVE-2019-1478](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1478>)0.0Unknown \n[CVE-2019-1466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1466>)0.0Unknown \n[CVE-2019-1485](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1485>)0.0Unknown\n\n### *KB list*:\n[4530695](<http://support.microsoft.com/kb/4530695>) \n[4530734](<http://support.microsoft.com/kb/4530734>) \n[4530719](<http://support.microsoft.com/kb/4530719>) \n[4530692](<http://support.microsoft.com/kb/4530692>) \n[4530677](<http://support.microsoft.com/kb/4530677>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-12-10T00:00:00", "id": "KLA11862", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11862", "title": "\r KLA11862Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:59:44", "bulletinFamily": "info", "cvelist": ["CVE-2019-1458", "CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1477", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1489", "CVE-2019-1453", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "### *Detect date*:\n12/11/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMicrosoft Windows XP Service Pack 3 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2016 \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1909 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 1909 (Server Core installation) \nWindows RT 8.1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2012 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2012 R2 \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 2004 for x64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1483](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1483>) \n[CVE-2019-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1484>) \n[CVE-2019-1489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1489>) \n[CVE-2019-1488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1488>) \n[CVE-2019-1453](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1453>) \n[CVE-2019-1465](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1465>) \n[CVE-2019-1458](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1458>) \n[CVE-2019-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1474>) \n[CVE-2019-1476](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1476>) \n[CVE-2019-1471](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1471>) \n[CVE-2019-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1467>) \n[CVE-2019-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1468>) \n[CVE-2019-1469](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1469>) \n[CVE-2019-1466](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1466>) \n[CVE-2019-1470](<https://nvd.nist.gov/vuln/detail/CVE-2019-1470>) \n[CVE-2019-1472](<https://nvd.nist.gov/vuln/detail/CVE-2019-1472>) \n[CVE-2019-1477](<https://nvd.nist.gov/vuln/detail/CVE-2019-1477>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1483>)0.0Unknown \n[CVE-2019-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1484>)0.0Unknown \n[CVE-2019-1489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1489>)0.0Unknown \n[CVE-2019-1488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1488>)0.0Unknown \n[CVE-2019-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1470>)0.0Unknown \n[CVE-2019-1453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1453>)0.0Unknown \n[CVE-2019-1465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1465>)0.0Unknown \n[CVE-2019-1458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1458>)0.0Unknown \n[CVE-2019-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1474>)0.0Unknown \n[CVE-2019-1472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1472>)0.0Unknown \n[CVE-2019-1476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1476>)0.0Unknown \n[CVE-2019-1471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1471>)0.0Unknown \n[CVE-2019-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1467>)0.0Unknown \n[CVE-2019-1468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1468>)0.0Unknown \n[CVE-2019-1477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1477>)0.0Unknown \n[CVE-2019-1469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1469>)0.0Unknown \n[CVE-2019-1466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1466>)0.0Unknown\n\n### *KB list*:\n[4530684](<http://support.microsoft.com/kb/4530684>) \n[4530691](<http://support.microsoft.com/kb/4530691>) \n[4530681](<http://support.microsoft.com/kb/4530681>) \n[4530714](<http://support.microsoft.com/kb/4530714>) \n[4530689](<http://support.microsoft.com/kb/4530689>) \n[4530730](<http://support.microsoft.com/kb/4530730>) \n[4530717](<http://support.microsoft.com/kb/4530717>) \n[4530698](<http://support.microsoft.com/kb/4530698>) \n[4530702](<http://support.microsoft.com/kb/4530702>) \n[4530715](<http://support.microsoft.com/kb/4530715>) \n[4565503](<http://support.microsoft.com/kb/4565503>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-12-11T00:00:00", "id": "KLA11616", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11616", "title": "\r KLA11616Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T12:00:27", "bulletinFamily": "info", "cvelist": ["CVE-2019-1458", "CVE-2019-1483", "CVE-2019-1469", "CVE-2019-1471", "CVE-2019-1467", "CVE-2019-1488", "CVE-2019-1477", "CVE-2019-1476", "CVE-2019-1468", "CVE-2019-1465", "CVE-2019-1489", "CVE-2019-1453", "CVE-2019-1484", "CVE-2019-1472", "CVE-2019-1470", "CVE-2019-1474", "CVE-2019-1466"], "description": "### *Detect date*:\n12/10/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nMicrosoft Windows XP Service Pack 3 \nWindows 10 Version 2004 for x64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for x64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1471](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1471>) \n[CVE-2019-1470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1470>) \n[CVE-2019-1474](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1474>) \n[CVE-2019-1472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1472>) \n[CVE-2019-1488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1488>) \n[CVE-2019-1467](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1467>) \n[CVE-2019-1477](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1477>) \n[CVE-2019-1476](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1476>) \n[CVE-2019-1484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1484>) \n[CVE-2019-1468](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1468>) \n[CVE-2019-1469](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1469>) \n[CVE-2019-1483](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1483>) \n[CVE-2019-1458](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1458>) \n[CVE-2019-1466](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1466>) \n[CVE-2019-1453](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1453>) \n[CVE-2019-1465](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1465>) \n[CVE-2019-1489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1489>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1483](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1483>)0.0Unknown \n[CVE-2019-1484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1484>)0.0Unknown \n[CVE-2019-1489](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1489>)0.0Unknown \n[CVE-2019-1488](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1488>)0.0Unknown \n[CVE-2019-1470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1470>)0.0Unknown \n[CVE-2019-1453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1453>)0.0Unknown \n[CVE-2019-1465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1465>)0.0Unknown \n[CVE-2019-1458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1458>)0.0Unknown \n[CVE-2019-1474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1474>)0.0Unknown \n[CVE-2019-1472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1472>)0.0Unknown \n[CVE-2019-1476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1476>)0.0Unknown \n[CVE-2019-1471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1471>)0.0Unknown \n[CVE-2019-1467](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1467>)0.0Unknown \n[CVE-2019-1468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1468>)0.0Unknown \n[CVE-2019-1477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1477>)0.0Unknown \n[CVE-2019-1469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1469>)0.0Unknown \n[CVE-2019-1466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1466>)0.0Unknown\n\n### *KB list*:\n[4530684](<http://support.microsoft.com/kb/4530684>) \n[4530691](<http://support.microsoft.com/kb/4530691>) \n[4530681](<http://support.microsoft.com/kb/4530681>) \n[4530714](<http://support.microsoft.com/kb/4530714>) \n[4530689](<http://support.microsoft.com/kb/4530689>) \n[4530730](<http://support.microsoft.com/kb/4530730>) \n[4530717](<http://support.microsoft.com/kb/4530717>) \n[4530698](<http://support.microsoft.com/kb/4530698>) \n[4530702](<http://support.microsoft.com/kb/4530702>) \n[4530715](<http://support.microsoft.com/kb/4530715>) \n[4565503](<http://support.microsoft.com/kb/4565503>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-12-10T00:00:00", "id": "KLA11868", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11868", "title": "\r KLA11868Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-12-12T11:26:12", "bulletinFamily": "blog", "cvelist": ["CVE-2019-1332", "CVE-2019-1400", "CVE-2019-1453", "CVE-2019-1458", "CVE-2019-1461", "CVE-2019-1462", "CVE-2019-1463", "CVE-2019-1464", "CVE-2019-1465", "CVE-2019-1466", "CVE-2019-1467", "CVE-2019-1468", "CVE-2019-1469", "CVE-2019-1470", "CVE-2019-1471", "CVE-2019-1472", "CVE-2019-1474", "CVE-2019-1476", "CVE-2019-1477", "CVE-2019-1478", "CVE-2019-1480", "CVE-2019-1481", "CVE-2019-1483", "CVE-2019-1484", "CVE-2019-1485"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical. \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products. \n \nTalos also released a [new set of SNORT\u24c7 rules](<https://snort.org/advisories/talos-rules-2019-12-10>) that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/12/snort-rule-update-for-dec-10-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed two critical vulnerabilities this month, both of which we will highlight below. \n \n[CVE-2019-1468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1468>) is a remote code execution vulnerability in the Windows font library that exists due to the library improperly handling some embedded fonts. An attacker could exploit this bug by using a specially crafted, malicious embedded font on a web page, and then trick the user into visiting that web page. Alternatively, a user would need to open a specially crafted font file on their machine. \n \n[CVE-2019-1471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1471>) is a remote code execution vulnerability in the Hyper-V hypervisor. Hyper-V can sometimes fail to properly validate input from an authenticated user on a guest operating system. An attacker could exploit this vulnerability by running a specially crafted application on a guest OS, which would cause the Hyper-V host OS to execute arbitrary code on the host operating system. \n \n\n\n### Important vulnerabilities\n\nThis release also contains 23 important vulnerabilities, three of which we will highlight below. \n \n[CVE-2019-1458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458>) is an elevation of privilege vulnerability in Windows' Win32k component. An attacker could exploit this vulnerability by logging onto a system, then running a specially crafted application that would allow them to take complete control of the system and execute arbitrary code in kernel mode. Microsoft reports that this vulnerability has been used in the wild. \n \n[CVE-2019-1469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1469>) is an information disclosure vulnerability in Windows that arises when the win32k component fails to provide kernel information. An attacker could exploit this vulnerability to obtain uninitialized memory and kernel memory, which could then be used in additional attacks. \n \n[CVE-2019-1485](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1485>) is a remote code execution vulnerability in the VBscript engine. An attacker could exploit this vulnerability to corrupt memory of the affected system in a way that would allow them to execute arbitrary code in the context of the current user. To trigger this vulnerability, a user would have to visit a malicious, specially crafted website in the Internet Explorer web browser. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that utilizes Internet Explorer's rendering engine, and then trick the user into opening that file. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-1332](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332>)\n * [CVE-2019-1400](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1400>)\n * [CVE-2019-1453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1453>)\n * [CVE-2019-1461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1461>)\n * [CVE-2019-1462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1462>)\n * [CVE-2019-1463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1463>)\n * [CVE-2019-1464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1464>)\n * [CVE-2019-1465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1465>)\n * [CVE-2019-1466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1466>)\n * [CVE-2019-1467](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1467>)\n * [CVE-2019-1470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1470>)\n * [CVE-2019-1472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1472>)\n * [CVE-2019-1474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1474>)\n * [CVE-2019-1476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1476>)\n * [CVE-2019-1477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1477>)\n * [CVE-2019-1478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1478>)\n * [CVE-2019-1480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1480>)\n * [CVE-2019-1481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1481>)\n * [CVE-2019-1483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1483>)\n * [CVE-2019-1484](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1484>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 52402, 52403, 52410, 52411, 52419, 52420\n\n", "modified": "2019-12-10T10:41:37", "published": "2019-12-10T10:41:37", "id": "TALOSBLOG:12856A82DEBDA69C67A87F8D8088BA8C", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/qdY6qNdyflQ/microsoft-patch-tuesday-dec-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Dec. 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}