Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4516070
HistorySep 10, 2019 - 7:00 a.m.

September 10, 2019—KB4516070 (OS Build 10240.18333)

2019-09-1007:00:00
Microsoft
support.microsoft.com
212

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.308 Low

EPSS

Percentile

96.9%

JSON

September 10, 2019—KB4516070 (OS Build 10240.18333)

For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article.

Highlights

  • Updates to improve security when using Internet Explorer, Microsoft Office, and input devices such as a mouse, keyboard, or stylus.
  • Updates for verifying user names and passwords.
  • Updates for storing and managing files.

Improvements and fixes

This security update includes quality improvements. Key changes include:

  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error.
  • Addresses an issue that causes Microsoft Lync or Skype for Business to stop working unexpectedly when receiving calls or starting meetings.
  • Addresses an issue with the Origin request header behavior in Internet Explorer when you make cross-origin resource sharing (CORS) requests that use redirected resources in internal subnets.
  • Security updates to the Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Graphics, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Datacenter Networking, Windows Storage and Filesystems, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Windows Update ImprovementsMicrosoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn’t apply to long-term servicing editions.

Known issues in this update

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

Before installing this updateMicrosoft strongly recommends that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For more information, see Servicing stack updates.If you are using Windows Update, the latest SSU (KB4512573) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically synchronize with WSUS if you configure Products and Classifications as follows:Product: Windows 10Classification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for cumulative update 4516070.

Related

nessus 14
openvas 21
mskb 23
kaspersky 3
prion 35
cve 35
thn 1
threatpost 1
talosblog 1
krebs 1
qualysblog 1
fedora 2
attackerkb 4
checkpoint_advisories 2
mscve 22
symantec 25
zdi 5
zdt 2
trendmicroblog 1
nessus
nessus
KB4516064: Windows 8.1 and Windows Server 2012 R2 September 2019 Security Update
2019-09-10 00:00:00
KB4516062: Windows Server 2012 September 2019 Security Update
2019-09-10 00:00:00
KB4516070: Windows 10 September 2019 Security Update
2019-09-10 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4516070)
2019-09-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4516044)
2019-09-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4516067)
2019-09-11 00:00:00
mskb
mskb
September 10, 2019—KB4516064 (Security-only update)
2019-09-10 07:00:00
September 10, 2019—KB4516067 (Monthly Rollup)
2019-09-10 07:00:00
September 10, 2019—KB4516055 (Monthly Rollup)
2019-09-10 07:00:00
kaspersky
kaspersky
KLA11555 Multiple vulnerabilities in Microsoft Products (ESU)
2019-09-10 00:00:00
KLA11552 Multiple vulnerabilities in Microsoft Windows
2019-09-10 00:00:00
KLA11557 Multiple vulnerabilities in Microsoft Browsers
2019-09-10 00:00:00
prion
prion
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
Remote code execution
2019-09-11 22:15:00
cve
cve
CVE-2019-1248
2019-09-11 22:15:00
CVE-2019-1241
2019-09-11 22:15:00
CVE-2019-1249
2019-09-11 22:15:00
thn
thn
Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
2019-09-10 18:16:00
threatpost
threatpost
Microsoft Addresses Two Zero-Days Under Active Attack
2019-09-10 19:54:07
talosblog
talosblog
Microsoft Patch Tuesday — Sept. 2019: Vulnerability disclosures and Snort coverage
2019-09-10 12:12:34
krebs
krebs
Patch Tuesday, September 2019 Edition
2019-09-10 20:09:11
qualysblog
qualysblog
September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
2019-09-10 18:00:37
fedora
fedora
[SECURITY] Fedora 30 Update: pam-u2f-1.0.8-1.fc30
2019-06-19 22:46:18
[SECURITY] Fedora 29 Update: pam-u2f-1.0.8-1.fc29
2019-08-13 01:59:34
attackerkb
attackerkb
CVE-2019-1253
2019-09-11 00:00:00
CVE-2019-1303
2019-09-11 00:00:00
CVE-2019-1215
2019-09-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (CVE-2019-1256)
2019-09-10 00:00:00
VBScript Engine Remote Code Execution (CVE-2019-1208)
2019-09-15 00:00:00
mscve
mscve
Win32k Elevation of Privilege Vulnerability
2019-09-10 07:00:00
Windows Data Sharing Service Elevation of Privilege Vulnerability
2019-09-10 07:00:00
DirectWrite Information Disclosure Vulnerability
2019-09-10 07:00:00
symantec
symantec
Microsoft Windows ALPC CVE-2019-1272 Local Privilege Escalation Vulnerability
2019-09-10 00:00:00
Microsoft Windows JET Database Engine CVE-2019-1243 Remote Code Execution Vulnerability
2019-09-10 00:00:00
Microsoft Windows Common Log File System CVE-2019-1282 Local Information Disclosure Vulnerability
2019-09-10 00:00:00
zdi
zdi
Microsoft Windows JET Database Engine Integer Underflow Remote Code Execution Vulnerability
2019-09-10 00:00:00
Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability
2019-09-10 00:00:00
Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability
2019-09-12 00:00:00
zdt
zdt
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts Exploit
2019-09-12 00:00:00
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts Exploit
2019-09-12 00:00:00
trendmicroblog
trendmicroblog
This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground
2019-09-13 13:18:33

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.308 Low

EPSS

Percentile

96.9%

JSON
Related for KB4516070
nessus14openvas21mskb23kaspersky3prion35cve35thn1threatpost1talosblog1krebs1qualysblog1fedora2attackerkb4checkpoint_advisories2mscve22symantec25zdi5zdt2trendmicroblog1