DATABASE RESOURCES PRICING ABOUT US

{"id": "SMB_NT_MS19_JUN_4503285.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB4503263: Windows Server 2012 June 2019 Security Update", "description": "The remote Windows host is missing security update 4503263 or cumulative update 4503285. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0713)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1015, CVE-2019-1046, CVE-2019-1050)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "published": "2019-06-11T00:00:00", "modified": "2022-12-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/125821", "reporter": "This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0909", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1025", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0972", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0713", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0904", "http://www.nessus.org/u?11b6c66e", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0888", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0943", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0984", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1053", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0986", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0941", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0908", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0974", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0948", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1081", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0907", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1055", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1005", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0722", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1014", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1012", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1080", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1017", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1038", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1040", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0906", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0973", "http://www.nessus.org/u?b6f9d59c", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1043", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1045", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1050", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1046", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0620", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0988", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1019", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1015", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0905", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1039", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0920"], "cvelist": ["CVE-2019-0620", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "immutableFields": [], "lastseen": "2023-01-11T15:17:51", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:B4447AA8-BD5F-410D-A592-76FEEDA507EA"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0714", "CPAI-2019-0715", "CPAI-2019-0717", "CPAI-2019-0718", "CPAI-2019-0721", "CPAI-2019-0725", "CPAI-2019-0728", "CPAI-2019-0734", "CPAI-2019-0738", "CPAI-2019-1459", "CPAI-2019-1509", "CPAI-2019-1531", "CPAI-2019-2139"]}, {"type": "cve", "idList": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0960", "CVE-2019-0968", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0977", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"]}, {"type": "exploitdb", "idList": ["EDB-ID:40863"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:13A5BB141ECA5CA8BCF5F91ACC56BA13"]}, {"type": "githubexploit", "idList": ["1FEBEBF0-4E44-56B3-8111-2B2357BDD6B6", "28F899A8-D565-51D0-A9B5-5B2B631407EB", "5A536F24-BD78-5071-8727-80AB3F4AB1CF", "6531DE99-76A6-5374-998A-30AC54C10711", "AE9D3A7C-7BEB-54EA-9C61-A03C494D5EDD", "C82E0A5A-3070-5ED4-A0CF-B3E342C5E0C1", "F14831DC-287D-51D9-A831-971C21783F04", "FBA74A16-061A-5741-B662-B77D2C6DF28F"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "kaspersky", "idList": ["KLA11493", "KLA11500", "KLA11874"]}, {"type": "krebs", "idList": ["KREBS:72AD883B9D56B1738723ABBD656A0AED"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0620", "MS:CVE-2019-0713", "MS:CVE-2019-0722", "MS:CVE-2019-0888", "MS:CVE-2019-0904", "MS:CVE-2019-0905", "MS:CVE-2019-0906", "MS:CVE-2019-0907", "MS:CVE-2019-0908", "MS:CVE-2019-0909", "MS:CVE-2019-0920", "MS:CVE-2019-0941", "MS:CVE-2019-0943", "MS:CVE-2019-0948", "MS:CVE-2019-0972", "MS:CVE-2019-0973", "MS:CVE-2019-0974", "MS:CVE-2019-0984", "MS:CVE-2019-0986", "MS:CVE-2019-0988", "MS:CVE-2019-1005", "MS:CVE-2019-1010", "MS:CVE-2019-1012", "MS:CVE-2019-1014", "MS:CVE-2019-1015", "MS:CVE-2019-1017", "MS:CVE-2019-1019", "MS:CVE-2019-1025", "MS:CVE-2019-1038", "MS:CVE-2019-1039", "MS:CVE-2019-1040", "MS:CVE-2019-1043", "MS:CVE-2019-1045", "MS:CVE-2019-1046", "MS:CVE-2019-1050", "MS:CVE-2019-1053", "MS:CVE-2019-1055", "MS:CVE-2019-1080", "MS:CVE-2019-1081"]}, {"type": "mskb", "idList": ["KB4503259", "KB4503263", "KB4503267", "KB4503269", "KB4503273", "KB4503276", "KB4503284", "KB4503285", "KB4503287", "KB4503290", "KB4503291", "KB4503292"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994853"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_JUN_4503267.NASL", "SMB_NT_MS19_JUN_4503273.NASL", "SMB_NT_MS19_JUN_4503276.NASL", "SMB_NT_MS19_JUN_4503279.NASL", "SMB_NT_MS19_JUN_4503284.NASL", "SMB_NT_MS19_JUN_4503286.NASL", "SMB_NT_MS19_JUN_4503291.NASL", "SMB_NT_MS19_JUN_4503292.NASL", "SMB_NT_MS19_JUN_4503293.NASL", "SMB_NT_MS19_JUN_4503327.NASL", "SMB_NT_MS19_JUN_INTERNET_EXPLORER.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143217", "OPENVAS:1361412562310815085", "OPENVAS:1361412562310815086", "OPENVAS:1361412562310815087", "OPENVAS:1361412562310815088", "OPENVAS:1361412562310815205", "OPENVAS:1361412562310815206", "OPENVAS:1361412562310815207", "OPENVAS:1361412562310815208", "OPENVAS:1361412562310815210", "OPENVAS:1361412562310815431"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:548A2D8484377A20A276BF58474488F7", "QUALYSBLOG:DE1FEC2B9B661D42DAA0BA398DBFD24E"]}, {"type": "securelist", "idList": ["SECURELIST:78FB952921DD97BAF55DA33811CB6FE4"]}, {"type": "symantec", "idList": ["SMNTC-108570", "SMNTC-108577", "SMNTC-108581", "SMNTC-108583", "SMNTC-108584", "SMNTC-108585", "SMNTC-108586", "SMNTC-108591", "SMNTC-108594", "SMNTC-108599", "SMNTC-108600", "SMNTC-108603", "SMNTC-108604", "SMNTC-108606", "SMNTC-108607", "SMNTC-108609", "SMNTC-108612", "SMNTC-108613", "SMNTC-108614", "SMNTC-108620", "SMNTC-108624", "SMNTC-108627", "SMNTC-108633", "SMNTC-108638", "SMNTC-108641", "SMNTC-108644", "SMNTC-108646", "SMNTC-108648", "SMNTC-108650", "SMNTC-108651", "SMNTC-108654", "SMNTC-108655", "SMNTC-108656", "SMNTC-108666", "SMNTC-108667", "SMNTC-108668", "SMNTC-108669", "SMNTC-108708", "SMNTC-108709"]}, {"type": "talosblog", "idList": ["TALOSBLOG:07D81B04EFE21AC0E3C8DD9F1F76E7A4", "TALOSBLOG:A2A267E7C20665C55127A15BC5B9F7BD"]}, {"type": "thn", "idList": ["THN:9B966D7333226606F54AD717A81F6D7E", "THN:DE75CD7956BAB116B16CC505A5BB0C47"]}, {"type": "threatpost", "idList": ["THREATPOST:040A4A9D0367AA2E807A97FB83D00240", "THREATPOST:32543D9C50E016B8E5F07112935E35F8", "THREATPOST:93C6C6F1F74B11C3D7F109589684DAED", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452"]}, {"type": "zdi", "idList": ["ZDI-19-544", "ZDI-19-554", "ZDI-19-555", "ZDI-19-556", "ZDI-19-557", "ZDI-19-558", "ZDI-19-559", "ZDI-19-624", "ZDI-19-625", "ZDI-19-626", "ZDI-19-627", "ZDI-19-638", "ZDI-19-639", "ZDI-19-641", "ZDI-19-723"]}, {"type": "zdt", "idList": ["1337DAY-ID-32897", "1337DAY-ID-32977"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:B4447AA8-BD5F-410D-A592-76FEEDA507EA"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0714", "CPAI-2019-0715", "CPAI-2019-0717", "CPAI-2019-0718", "CPAI-2019-0721", "CPAI-2019-0725", "CPAI-2019-0728", "CPAI-2019-0734", "CPAI-2019-0738", "CPAI-2019-1459", "CPAI-2019-1509", "CPAI-2019-1531", "CPAI-2019-2139"]}, {"type": "cve", "idList": ["CVE-2019-0620", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"]}, {"type": "exploitdb", "idList": ["EDB-ID:40863"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:13A5BB141ECA5CA8BCF5F91ACC56BA13"]}, {"type": "githubexploit", "idList": ["1FEBEBF0-4E44-56B3-8111-2B2357BDD6B6", "28F899A8-D565-51D0-A9B5-5B2B631407EB", "5A536F24-BD78-5071-8727-80AB3F4AB1CF", "6531DE99-76A6-5374-998A-30AC54C10711", "AE9D3A7C-7BEB-54EA-9C61-A03C494D5EDD", "C82E0A5A-3070-5ED4-A0CF-B3E342C5E0C1", "F14831DC-287D-51D9-A831-971C21783F04", "FBA74A16-061A-5741-B662-B77D2C6DF28F"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51"]}, {"type": "kaspersky", "idList": ["KLA11493", "KLA11500", "KLA11874"]}, {"type": "krebs", "idList": ["KREBS:72AD883B9D56B1738723ABBD656A0AED"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0722", "MS:CVE-2019-0888", "MS:CVE-2019-0904", "MS:CVE-2019-0905", "MS:CVE-2019-0907", "MS:CVE-2019-0908", "MS:CVE-2019-0909", "MS:CVE-2019-0943", "MS:CVE-2019-0972", "MS:CVE-2019-0973", "MS:CVE-2019-0974", "MS:CVE-2019-0984", "MS:CVE-2019-0988", "MS:CVE-2019-1010", "MS:CVE-2019-1012", "MS:CVE-2019-1014", "MS:CVE-2019-1015", "MS:CVE-2019-1017", "MS:CVE-2019-1038", "MS:CVE-2019-1039", "MS:CVE-2019-1040", "MS:CVE-2019-1046", "MS:CVE-2019-1050", "MS:CVE-2019-1053", "MS:CVE-2019-1055"]}, {"type": "mskb", "idList": ["KB4503292"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994853"]}, {"type": "nessus", "idList": ["SMB_HOTFIXES.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815085", "OPENVAS:1361412562310815086", "OPENVAS:1361412562310815087", "OPENVAS:1361412562310815088", "OPENVAS:1361412562310815205", "OPENVAS:1361412562310815206", "OPENVAS:1361412562310815207", "OPENVAS:1361412562310815208", "OPENVAS:1361412562310815210", "OPENVAS:1361412562310815431"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:548A2D8484377A20A276BF58474488F7"]}, {"type": "securelist", "idList": ["SECURELIST:78FB952921DD97BAF55DA33811CB6FE4"]}, {"type": "symantec", "idList": ["SMNTC-108612"]}, {"type": "talosblog", "idList": ["TALOSBLOG:07D81B04EFE21AC0E3C8DD9F1F76E7A4", "TALOSBLOG:A2A267E7C20665C55127A15BC5B9F7BD"]}, {"type": "thn", "idList": ["THN:9B966D7333226606F54AD717A81F6D7E"]}, {"type": "threatpost", "idList": ["THREATPOST:040A4A9D0367AA2E807A97FB83D00240", "THREATPOST:32543D9C50E016B8E5F07112935E35F8", "THREATPOST:93C6C6F1F74B11C3D7F109589684DAED"]}, {"type": "zdi", "idList": ["ZDI-19-554", "ZDI-19-627", "ZDI-19-638", "ZDI-19-641", "ZDI-19-723"]}, {"type": "zdt", "idList": ["1337DAY-ID-32897"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-0620", "epss": "0.000950000", "percentile": "0.385650000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0713", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0722", "epss": "0.006870000", "percentile": "0.769950000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0888", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0904", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0905", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0906", "epss": "0.038950000", "percentile": "0.905580000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0907", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0908", "epss": "0.057740000", "percentile": "0.921790000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0909", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0920", "epss": "0.051200000", "percentile": "0.917020000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0941", "epss": "0.001930000", "percentile": "0.552660000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0943", "epss": "0.000420000", "percentile": "0.004980000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0948", "epss": "0.001090000", "percentile": "0.422660000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0972", "epss": "0.001530000", "percentile": "0.497640000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0973", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0974", "epss": "0.037990000", "percentile": "0.904520000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0984", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0986", "epss": "0.000660000", "percentile": "0.270140000", "modified": "2023-03-14"}, {"cve": "CVE-2019-0988", "epss": "0.034230000", "percentile": "0.899710000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1005", "epss": "0.022770000", "percentile": "0.879140000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1010", "epss": "0.282470000", "percentile": "0.961130000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1012", "epss": "0.282470000", "percentile": "0.961130000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1014", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1015", "epss": "0.282470000", "percentile": "0.961130000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1017", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1019", "epss": "0.005420000", "percentile": "0.738280000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1025", "epss": "0.002010000", "percentile": "0.561780000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1038", "epss": "0.022770000", "percentile": "0.879140000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1039", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1040", "epss": "0.448210000", "percentile": "0.967720000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1043", "epss": "0.019580000", "percentile": "0.868970000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1045", "epss": "0.000430000", "percentile": "0.073900000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1046", "epss": "0.001970000", "percentile": "0.558570000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1050", "epss": "0.282470000", "percentile": "0.961130000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1053", "epss": "0.002200000", "percentile": "0.581600000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1055", "epss": "0.022770000", "percentile": "0.879140000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1080", "epss": "0.022770000", "percentile": "0.879140000", "modified": "2023-03-14"}, {"cve": "CVE-2019-1081", "epss": "0.003980000", "percentile": "0.694380000", "modified": "2023-03-14"}], "vulnersScore": 1.0}, "_state": {"dependencies": 1673453919, "score": 1673453377, "epss": 1678887117}, "_internal": {"score_hash": "0a40e42f42d567e931018c7996cd8bb6"}, "pluginID": "125821", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125821);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-1005\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1015\",\n \"CVE-2019-1017\",\n \"CVE-2019-1019\",\n \"CVE-2019-1025\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1053\",\n \"CVE-2019-1055\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108570,\n 108577,\n 108581,\n 108583,\n 108584,\n 108585,\n 108586,\n 108591,\n 108594,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108624,\n 108627,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108648,\n 108650,\n 108651,\n 108654,\n 108655,\n 108656,\n 108666,\n 108667,\n 108668,\n 108669,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503263\");\n script_xref(name:\"MSKB\", value:\"4503285\");\n script_xref(name:\"MSFT\", value:\"MS19-4503263\");\n script_xref(name:\"MSFT\", value:\"MS19-4503285\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503263: Windows Server 2012 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503263\nor cumulative update 4503285. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0713)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1015,\n CVE-2019-1046, CVE-2019-1050)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503263/windows-server-2012-update-kb4503263\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11b6c66e\");\n # https://support.microsoft.com/en-us/help/4503285/windows-server-2012-kb4503285\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6f9d59c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4503263 or Cumulative Update KB4503285.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503285', '4503263');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503285, 4503263])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Apply Security Only update KB4503263 or Cumulative Update KB4503285.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2019-0974", "vendor_cvss2": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-06-11T00:00:00", "vulnerabilityPublicationDate": "2019-06-11T00:00:00", "exploitableWith": []}

{"openvas": [{"lastseen": "2020-07-21T20:40:42", "description": "This host is missing a critical security\n update according to Microsoft KB4503276", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-0943", "CVE-2019-0908", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-1045", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-0905", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0920", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-1014"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815210", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815210\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0620\", \"CVE-2019-0710\", \"CVE-2019-0711\", \"CVE-2019-0713\",\n \"CVE-2019-0722\", \"CVE-2019-0888\", \"CVE-2019-0904\", \"CVE-2019-0905\",\n \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-0908\", \"CVE-2019-0909\",\n \"CVE-2019-0920\", \"CVE-2019-0941\", \"CVE-2019-0943\", \"CVE-2019-0948\",\n \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-0974\", \"CVE-2019-0984\",\n \"CVE-2019-0986\", \"CVE-2019-0988\", \"CVE-2019-1005\", \"CVE-2019-1010\",\n \"CVE-2019-1012\", \"CVE-2019-1014\", \"CVE-2019-1017\", \"CVE-2019-1019\",\n \"CVE-2019-1025\", \"CVE-2019-1028\", \"CVE-2019-1038\", \"CVE-2019-1039\",\n \"CVE-2019-1040\", \"CVE-2019-1043\", \"CVE-2019-1045\", \"CVE-2019-1046\",\n \"CVE-2019-1050\", \"CVE-2019-1053\", \"CVE-2019-1055\", \"CVE-2019-1080\",\n \"CVE-2019-1081\", \"CVE-2019-2102\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 11:42:30 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503276)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503276\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - ActiveX Data Objects (ADO) improperly handle objects in memory.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n an authenticated user on a guest operating system.\n\n - Windows Installer fails to properly sanitize input.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects\n in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code, elevate privileges by escaping a\n sandbox, gain access to sensitive information, run processes and\n delete files and folders in an elevated context.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503276\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Inetcomm.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_is_less(version:dllVer, test_version:\"6.3.9600.19377\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Inetcomm.dll\",\n file_version:dllVer, vulnerable_range:\"Less than 6.3.9600.19377\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:45", "description": "This host is missing a critical security\n update according to Microsoft KB4503292", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503292)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-1048", "CVE-2019-0977", "CVE-2019-0943", "CVE-2017-8533", "CVE-2019-0908", "CVE-2019-1011", "CVE-2019-0974", "CVE-2019-1016", "CVE-2019-0906", "CVE-2019-1039", "CVE-2019-1045", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-0905", "CVE-2019-0909", "CVE-2019-0960", "CVE-2019-1013", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-1053", "CVE-2019-1049", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0920", "CVE-2019-1047", "CVE-2019-0985", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1009", "CVE-2019-1028", "CVE-2019-0968", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1015", "CVE-2019-1025", "CVE-2019-1014"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815208", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815208\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2017-8533\", \"CVE-2019-0713\", \"CVE-2019-0722\", \"CVE-2019-0888\",\n \"CVE-2019-0904\", \"CVE-2019-0905\", \"CVE-2019-0906\", \"CVE-2019-0907\",\n \"CVE-2019-0908\", \"CVE-2019-0909\", \"CVE-2019-0920\", \"CVE-2019-0941\",\n \"CVE-2019-0943\", \"CVE-2019-0948\", \"CVE-2019-0960\", \"CVE-2019-0968\",\n \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-0974\", \"CVE-2019-0977\",\n \"CVE-2019-0984\", \"CVE-2019-0985\", \"CVE-2019-0986\", \"CVE-2019-0988\",\n \"CVE-2019-1005\", \"CVE-2019-1009\", \"CVE-2019-1010\", \"CVE-2019-1011\",\n \"CVE-2019-1012\", \"CVE-2019-1013\", \"CVE-2019-1014\", \"CVE-2019-1015\",\n \"CVE-2019-1016\", \"CVE-2019-1017\", \"CVE-2019-1019\", \"CVE-2019-1025\",\n \"CVE-2019-1028\", \"CVE-2019-1038\", \"CVE-2019-1039\", \"CVE-2019-1040\",\n \"CVE-2019-1043\", \"CVE-2019-1045\", \"CVE-2019-1046\", \"CVE-2019-1047\",\n \"CVE-2019-1048\", \"CVE-2019-1049\", \"CVE-2019-1053\", \"CVE-2019-1055\",\n \"CVE-2019-1080\", \"CVE-2019-1081\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 11:02:18 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503292)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503292\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Event Viewer (eventvwr.msc) improperly parses XML input\n containing a reference to an external entity.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code, elevate privileges by escaping a\n sandbox, gain access to sensitive information, run processes and\n delete files and folders in an elevated context.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503292/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntdll.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_is_less(version:dllVer, test_version:\"6.1.7601.24475\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntdll.dll\",\n file_version:dllVer, vulnerable_range:\"Less than 6.1.7601.24475\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:55", "description": "This host is missing a critical security\n update according to Microsoft KB4503291", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503291)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1018", "CVE-2019-0908", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-1045", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-0905", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0709", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1002", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815205", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815205", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815205\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0974\", \"CVE-2019-0984\", \"CVE-2019-1050\", \"CVE-2019-1051\",\n \"CVE-2019-1052\", \"CVE-2019-0620\", \"CVE-2019-0709\", \"CVE-2019-0710\",\n \"CVE-2019-1010\", \"CVE-2019-1012\", \"CVE-2019-0711\", \"CVE-2019-0713\",\n \"CVE-2019-0722\", \"CVE-2019-1014\", \"CVE-2019-0888\", \"CVE-2019-0904\",\n \"CVE-2019-0905\", \"CVE-2019-1017\", \"CVE-2019-1018\", \"CVE-2019-1019\",\n \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-1023\", \"CVE-2019-1025\",\n \"CVE-2019-0908\", \"CVE-2019-0909\", \"CVE-2019-1028\", \"CVE-2019-0920\",\n \"CVE-2019-0941\", \"CVE-2019-0943\", \"CVE-2019-1038\", \"CVE-2019-1039\",\n \"CVE-2019-0948\", \"CVE-2019-1040\", \"CVE-2019-1043\", \"CVE-2019-0972\",\n \"CVE-2019-0973\", \"CVE-2019-1045\", \"CVE-2019-1046\", \"CVE-2019-0986\",\n \"CVE-2019-0988\", \"CVE-2019-0989\", \"CVE-2019-1053\", \"CVE-2019-1055\",\n \"CVE-2019-0990\", \"CVE-2019-0991\", \"CVE-2019-0992\", \"CVE-2019-0993\",\n \"CVE-2019-1069\", \"CVE-2019-1080\", \"CVE-2019-1081\", \"CVE-2019-1002\",\n \"CVE-2019-1003\", \"CVE-2019-1005\", \"CVE-2019-1007\", \"CVE-2019-2102\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 09:29:24 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503291)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503291\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - ActiveX Data Objects (ADO) improperly handle objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code in kernel mode, elevate privileges\n by escaping a sandbox, gain access to sensitive information, run processes\n and delete files and folders in an elevated context.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503291\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18243\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18243\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:57", "description": "This host is missing a critical security\n update according to Microsoft KB4503279", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1018", "CVE-2019-0908", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-1045", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-0905", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0709", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1021", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1002", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1024", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815086", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815086\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-2102\", \"CVE-2019-0620\", \"CVE-2019-0709\", \"CVE-2019-0710\",\n \"CVE-2019-0711\", \"CVE-2019-0713\", \"CVE-2019-0722\", \"CVE-2019-0888\",\n \"CVE-2019-0904\", \"CVE-2019-0905\", \"CVE-2019-0906\", \"CVE-2019-0907\",\n \"CVE-2019-0908\", \"CVE-2019-0909\", \"CVE-2019-0920\", \"CVE-2019-0941\",\n \"CVE-2019-0943\", \"CVE-2019-0948\", \"CVE-2019-0972\", \"CVE-2019-0973\",\n \"CVE-2019-0974\", \"CVE-2019-0983\", \"CVE-2019-0984\", \"CVE-2019-0986\",\n \"CVE-2019-0988\", \"CVE-2019-0989\", \"CVE-2019-0990\", \"CVE-2019-0991\",\n \"CVE-2019-0992\", \"CVE-2019-0993\", \"CVE-2019-1002\", \"CVE-2019-1003\",\n \"CVE-2019-1005\", \"CVE-2019-1007\", \"CVE-2019-1010\", \"CVE-2019-1012\",\n \"CVE-2019-1014\", \"CVE-2019-1017\", \"CVE-2019-1018\", \"CVE-2019-1019\",\n \"CVE-2019-1021\", \"CVE-2019-1023\", \"CVE-2019-1024\", \"CVE-2019-1025\",\n \"CVE-2019-1028\", \"CVE-2019-1038\", \"CVE-2019-1039\", \"CVE-2019-1040\",\n \"CVE-2019-1043\", \"CVE-2019-1045\", \"CVE-2019-1046\", \"CVE-2019-1050\",\n \"CVE-2019-1051\", \"CVE-2019-1052\", \"CVE-2019-1053\", \"CVE-2019-1054\",\n \"CVE-2019-1055\", \"CVE-2019-1064\", \"CVE-2019-1069\", \"CVE-2019-1080\",\n \"CVE-2019-1081\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 08:59:34 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503279)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503279\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, escalate privileges, bypass\n security restrictions, disclose sensitive information and cause a denial of\n service condition on a victim system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503279\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1867\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1867\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:54", "description": "This host is missing a critical security\n update according to Microsoft KB4503267", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1018", "CVE-2019-0908", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-0905", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0709", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1002", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815207", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815207\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0974\", \"CVE-2019-0983\", \"CVE-2019-0984\", \"CVE-2019-1050\",\n \"CVE-2019-1051\", \"CVE-2019-1052\", \"CVE-2019-0620\", \"CVE-2019-0709\",\n \"CVE-2019-0710\", \"CVE-2019-1010\", \"CVE-2019-1012\", \"CVE-2019-0711\",\n \"CVE-2019-0713\", \"CVE-2019-0722\", \"CVE-2019-1014\", \"CVE-2019-0888\",\n \"CVE-2019-0904\", \"CVE-2019-0905\", \"CVE-2019-1017\", \"CVE-2019-1018\",\n \"CVE-2019-1019\", \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-1023\",\n \"CVE-2019-1025\", \"CVE-2019-0908\", \"CVE-2019-0909\", \"CVE-2019-1028\",\n \"CVE-2019-0920\", \"CVE-2019-0941\", \"CVE-2019-0943\", \"CVE-2019-1038\",\n \"CVE-2019-1039\", \"CVE-2019-0948\", \"CVE-2019-1040\", \"CVE-2019-1043\",\n \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-1046\", \"CVE-2019-0986\",\n \"CVE-2019-0988\", \"CVE-2019-0989\", \"CVE-2019-1053\", \"CVE-2019-1054\",\n \"CVE-2019-1055\", \"CVE-2019-1064\", \"CVE-2019-0990\", \"CVE-2019-0991\",\n \"CVE-2019-0992\", \"CVE-2019-0993\", \"CVE-2019-1069\", \"CVE-2019-1080\",\n \"CVE-2019-1081\", \"CVE-2019-1002\", \"CVE-2019-1003\", \"CVE-2019-1005\",\n \"CVE-2019-1007\", \"CVE-2019-2102\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 09:37:10 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503267)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503267\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - ActiveX Data Objects (ADO) improerly handle objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Task Scheduler Service improperly validates certain file operations.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code in kernel mode, elevate privileges\n by escaping a sandbox, gain access to sensitive information, run\n processes and delete files and folders in an elevated context.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503267\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.3023\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.3023\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:41", "description": "This host is missing a critical security\n update according to Microsoft KB4503293", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503293)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1065", "CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1026", "CVE-2019-0908", "CVE-2019-0998", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-1039", "CVE-2019-0948", "CVE-2019-1005", "CVE-2019-1027", "CVE-2019-0905", "CVE-2019-1022", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1021", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-1041", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0959", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1024", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815085", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815085\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-2102\", \"CVE-2019-0620\", \"CVE-2019-0722\", \"CVE-2019-0888\",\n \"CVE-2019-0904\", \"CVE-2019-0905\", \"CVE-2019-0906\", \"CVE-2019-0907\",\n \"CVE-2019-0908\", \"CVE-2019-0909\", \"CVE-2019-0920\", \"CVE-2019-0941\",\n \"CVE-2019-0943\", \"CVE-2019-0948\", \"CVE-2019-0959\", \"CVE-2019-0972\",\n \"CVE-2019-0973\", \"CVE-2019-0974\", \"CVE-2019-0983\", \"CVE-2019-0984\",\n \"CVE-2019-0986\", \"CVE-2019-0988\", \"CVE-2019-0989\", \"CVE-2019-0990\",\n \"CVE-2019-0991\", \"CVE-2019-0992\", \"CVE-2019-0993\", \"CVE-2019-0998\",\n \"CVE-2019-1003\", \"CVE-2019-1005\", \"CVE-2019-1007\", \"CVE-2019-1010\",\n \"CVE-2019-1012\", \"CVE-2019-1014\", \"CVE-2019-1017\", \"CVE-2019-1019\",\n \"CVE-2019-1021\", \"CVE-2019-1022\", \"CVE-2019-1023\", \"CVE-2019-1024\",\n \"CVE-2019-1025\", \"CVE-2019-1026\", \"CVE-2019-1027\", \"CVE-2019-1028\",\n \"CVE-2019-1038\", \"CVE-2019-1039\", \"CVE-2019-1040\", \"CVE-2019-1041\",\n \"CVE-2019-1043\", \"CVE-2019-1046\", \"CVE-2019-1050\", \"CVE-2019-1051\",\n \"CVE-2019-1052\", \"CVE-2019-1053\", \"CVE-2019-1054\", \"CVE-2019-1055\",\n \"CVE-2019-1064\", \"CVE-2019-1065\", \"CVE-2019-1069\", \"CVE-2019-1080\",\n \"CVE-2019-1081\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 08:40:30 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503293)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503293\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - ActiveX Data Objects (ADO) improperly handle objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n - A misconfiguration in the Bluetooth pairing protocols\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, escalate privileges, bypass\n security restrictions, disclose sensitive information and cause a denial of\n service condition on a victim system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503293\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.18362.0\", test_version2:\"11.0.18362.174\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.18362.0 - 11.0.18362.174\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:47", "description": "This host is missing a critical security\n update according to Microsoft KB4503284", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503284)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1018", "CVE-2019-0908", "CVE-2019-0998", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-1045", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-1027", "CVE-2019-0905", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0709", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1021", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1002", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1024", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815087", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815087\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0620\", \"CVE-2019-0709\", \"CVE-2019-0710\", \"CVE-2019-0711\",\n \"CVE-2019-0713\", \"CVE-2019-0722\", \"CVE-2019-0888\", \"CVE-2019-0904\",\n \"CVE-2019-0905\", \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-0908\",\n \"CVE-2019-0909\", \"CVE-2019-0920\", \"CVE-2019-0941\", \"CVE-2019-0943\",\n \"CVE-2019-0948\", \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-0974\",\n \"CVE-2019-0983\", \"CVE-2019-0984\", \"CVE-2019-0986\", \"CVE-2019-0988\",\n \"CVE-2019-0989\", \"CVE-2019-0990\", \"CVE-2019-0991\", \"CVE-2019-0992\",\n \"CVE-2019-0993\", \"CVE-2019-0998\", \"CVE-2019-1002\", \"CVE-2019-1003\",\n \"CVE-2019-1005\", \"CVE-2019-1007\", \"CVE-2019-1010\", \"CVE-2019-1012\",\n \"CVE-2019-1014\", \"CVE-2019-1017\", \"CVE-2019-1018\", \"CVE-2019-1019\",\n \"CVE-2019-1021\", \"CVE-2019-1023\", \"CVE-2019-1024\", \"CVE-2019-1025\",\n \"CVE-2019-1027\", \"CVE-2019-1028\", \"CVE-2019-1038\", \"CVE-2019-1039\",\n \"CVE-2019-1040\", \"CVE-2019-1043\", \"CVE-2019-1045\", \"CVE-2019-1046\",\n \"CVE-2019-1050\", \"CVE-2019-1051\", \"CVE-2019-1052\", \"CVE-2019-1053\",\n \"CVE-2019-1054\", \"CVE-2019-1055\", \"CVE-2019-1064\", \"CVE-2019-1069\",\n \"CVE-2019-1080\", \"CVE-2019-1081\", \"CVE-2019-2102\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 09:25:15 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503284)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503284\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft\n Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from a\n privileged user on a guest operating system.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, escalate privileges, bypass\n security restrictions, disclose sensitive information and cause a denial of\n service condition on a victim system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503284\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1216\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1216\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:58", "description": "This host is missing a critical security\n update according to Microsoft KB4503286", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503286)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1065", "CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1026", "CVE-2019-1018", "CVE-2019-0908", "CVE-2019-0998", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-1027", "CVE-2019-0905", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-1040", "CVE-2019-1021", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-1041", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0959", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-1002", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1024", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815206", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815206\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0974\", \"CVE-2019-0983\", \"CVE-2019-0984\", \"CVE-2019-1050\",\n \"CVE-2019-1051\", \"CVE-2019-1052\", \"CVE-2019-0620\", \"CVE-2019-0710\",\n \"CVE-2019-1010\", \"CVE-2019-1012\", \"CVE-2019-0711\", \"CVE-2019-0713\",\n \"CVE-2019-0722\", \"CVE-2019-1014\", \"CVE-2019-0888\", \"CVE-2019-0904\",\n \"CVE-2019-1017\", \"CVE-2019-1018\", \"CVE-2019-1019\", \"CVE-2019-0905\",\n \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-1021\", \"CVE-2019-1023\",\n \"CVE-2019-1024\", \"CVE-2019-1025\", \"CVE-2019-0908\", \"CVE-2019-0909\",\n \"CVE-2019-1026\", \"CVE-2019-1027\", \"CVE-2019-1028\", \"CVE-2019-0920\",\n \"CVE-2019-0941\", \"CVE-2019-0943\", \"CVE-2019-1038\", \"CVE-2019-1039\",\n \"CVE-2019-0948\", \"CVE-2019-0959\", \"CVE-2019-1040\", \"CVE-2019-1041\",\n \"CVE-2019-1043\", \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-1046\",\n \"CVE-2019-0986\", \"CVE-2019-0988\", \"CVE-2019-0989\", \"CVE-2019-1053\",\n \"CVE-2019-1054\", \"CVE-2019-1055\", \"CVE-2019-1064\", \"CVE-2019-0990\",\n \"CVE-2019-0991\", \"CVE-2019-0992\", \"CVE-2019-0993\", \"CVE-2019-0998\",\n \"CVE-2019-1065\", \"CVE-2019-1069\", \"CVE-2019-1080\", \"CVE-2019-1081\",\n \"CVE-2019-1002\", \"CVE-2019-1003\", \"CVE-2019-1005\", \"CVE-2019-1007\",\n \"CVE-2019-2102\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 09:25:27 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503286)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503286\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows kernel improper initializes objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - ActiveX Data Objects (ADO) improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles\n objects in memory.\n\n - Scripting engine does not properly handle objects in memory in\n Microsoft Edge.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, cause denial of service, gain elevated\n privileges, delete files and folders in an elevated context, and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503286\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.828\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.828\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:53", "description": "This host is missing a critical security\n update according to Microsoft KB4503327", "cvss3": {}, "published": "2019-06-12T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4503327)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1065", "CVE-2019-1019", "CVE-2019-0943", "CVE-2019-1007", "CVE-2019-1026", "CVE-2019-1018", "CVE-2019-1044", "CVE-2019-0908", "CVE-2019-0998", "CVE-2019-0983", "CVE-2019-0989", "CVE-2019-0974", "CVE-2019-0906", "CVE-2019-0710", "CVE-2019-1039", "CVE-2019-9502", "CVE-2019-0948", "CVE-2019-0713", "CVE-2019-1005", "CVE-2019-1027", "CVE-2019-0905", "CVE-2019-1022", "CVE-2019-1064", "CVE-2019-0909", "CVE-2019-1050", "CVE-2019-0986", "CVE-2019-1003", "CVE-2019-0988", "CVE-2019-1055", "CVE-2019-9500", "CVE-2019-1040", "CVE-2019-1021", "CVE-2019-1051", "CVE-2019-1038", "CVE-2019-0984", "CVE-2019-0888", "CVE-2019-0941", "CVE-2019-0620", "CVE-2019-9503", "CVE-2019-1081", "CVE-2019-0972", "CVE-2019-1017", "CVE-2019-1080", "CVE-2019-0991", "CVE-2019-1069", "CVE-2019-1053", "CVE-2019-0907", "CVE-2019-1012", "CVE-2019-0992", "CVE-2019-1041", "CVE-2019-0993", "CVE-2019-0920", "CVE-2019-0959", "CVE-2019-9501", "CVE-2019-0722", "CVE-2019-1043", "CVE-2019-2102", "CVE-2019-1010", "CVE-2019-1046", "CVE-2019-1028", "CVE-2019-0904", "CVE-2019-0973", "CVE-2019-1025", "CVE-2019-0711", "CVE-2019-0990", "CVE-2019-1014", "CVE-2019-1023", "CVE-2019-1054", "CVE-2019-1024", "CVE-2019-1052"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815088", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815088\");\n script_version(\"2020-07-17T06:09:49+0000\");\n script_cve_id(\"CVE-2019-0620\", \"CVE-2019-0710\", \"CVE-2019-0711\", \"CVE-2019-0713\",\n \"CVE-2019-0722\", \"CVE-2019-0888\", \"CVE-2019-0904\", \"CVE-2019-0905\",\n \"CVE-2019-0906\", \"CVE-2019-0907\", \"CVE-2019-0908\", \"CVE-2019-0909\",\n \"CVE-2019-0920\", \"CVE-2019-0941\", \"CVE-2019-0943\", \"CVE-2019-0948\",\n \"CVE-2019-0959\", \"CVE-2019-0972\", \"CVE-2019-0973\", \"CVE-2019-0974\",\n \"CVE-2019-0983\", \"CVE-2019-0984\", \"CVE-2019-0986\", \"CVE-2019-0988\",\n \"CVE-2019-0989\", \"CVE-2019-0990\", \"CVE-2019-0991\", \"CVE-2019-0992\",\n \"CVE-2019-0993\", \"CVE-2019-0998\", \"CVE-2019-1003\", \"CVE-2019-1005\",\n \"CVE-2019-1007\", \"CVE-2019-1010\", \"CVE-2019-1012\", \"CVE-2019-1014\",\n \"CVE-2019-1017\", \"CVE-2019-1018\", \"CVE-2019-1019\", \"CVE-2019-1021\",\n \"CVE-2019-1022\", \"CVE-2019-1023\", \"CVE-2019-1024\", \"CVE-2019-1025\",\n \"CVE-2019-1026\", \"CVE-2019-1027\", \"CVE-2019-1028\", \"CVE-2019-1038\",\n \"CVE-2019-1039\", \"CVE-2019-1040\", \"CVE-2019-1041\", \"CVE-2019-1043\",\n \"CVE-2019-1044\", \"CVE-2019-1046\", \"CVE-2019-1050\", \"CVE-2019-1051\",\n \"CVE-2019-1052\", \"CVE-2019-1053\", \"CVE-2019-1054\", \"CVE-2019-1055\",\n \"CVE-2019-1064\", \"CVE-2019-1065\", \"CVE-2019-1069\", \"CVE-2019-1080\",\n \"CVE-2019-1081\", \"CVE-2019-2102\", \"CVE-2019-9500\", \"CVE-2019-9501\",\n \"CVE-2019-9502\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 06:09:49 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-12 09:36:13 +0530 (Wed, 12 Jun 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4503327)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4503327\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows kernel improperly initializes objects in memory.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows AppX Deployment Service (AppXSVC) improperly handles hard links.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, escalate privileges, bypass\n security restrictions, disclose sensitive information and cause a denial of\n service condition on a victim system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4503327\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.556\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.556\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T15:17:31", "description": "The remote Windows host is missing security update 4503290 or cumulative update 4503276. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503290: Windows 8.1 and Windows Server 2012 R2 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JUN_4503276.NASL", "href": "https://www.tenable.com/plugins/nessus/125818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125818);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-1005\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1019\",\n \"CVE-2019-1025\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1053\",\n \"CVE-2019-1055\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108570,\n 108577,\n 108581,\n 108583,\n 108584,\n 108585,\n 108586,\n 108591,\n 108594,\n 108597,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108648,\n 108650,\n 108651,\n 108654,\n 108655,\n 108656,\n 108666,\n 108667,\n 108668,\n 108669,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503276\");\n script_xref(name:\"MSKB\", value:\"4503290\");\n script_xref(name:\"MSFT\", value:\"MS19-4503276\");\n script_xref(name:\"MSFT\", value:\"MS19-4503290\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503290: Windows 8.1 and Windows Server 2012 R2 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503290\nor cumulative update 4503276. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503276/june-11-2019-kb4503276-os-build-monthly-rollup\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?953a7c84\");\n # https://support.microsoft.com/en-us/help/4503290/windows-8-1-update-kb4503290\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dd73841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4503290 or Cumulative Update KB4503276.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503276', '4503290');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503276, 4503290])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:09", "description": "The remote Windows host is missing security update 4503269 or cumulative update 4503292. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0722)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0713)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to- speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.\n (CVE-2019-0985)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0960, CVE-2019-1014, CVE-2019-1017)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503269: Windows 7 and Windows Server 2008 R2 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0960", "CVE-2019-0968", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0977", "CVE-2019-0984", "CVE-2019-0985", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JUN_4503292.NASL", "href": "https://www.tenable.com/plugins/nessus/125824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125824);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0960\",\n \"CVE-2019-0968\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0977\",\n \"CVE-2019-0984\",\n \"CVE-2019-0985\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-1005\",\n \"CVE-2019-1009\",\n \"CVE-2019-1010\",\n \"CVE-2019-1011\",\n \"CVE-2019-1012\",\n \"CVE-2019-1013\",\n \"CVE-2019-1014\",\n \"CVE-2019-1015\",\n \"CVE-2019-1016\",\n \"CVE-2019-1017\",\n \"CVE-2019-1019\",\n \"CVE-2019-1025\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1047\",\n \"CVE-2019-1048\",\n \"CVE-2019-1049\",\n \"CVE-2019-1053\",\n \"CVE-2019-1055\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108570,\n 108577,\n 108581,\n 108582,\n 108583,\n 108584,\n 108585,\n 108586,\n 108591,\n 108594,\n 108597,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108609,\n 108612,\n 108613,\n 108614,\n 108616,\n 108620,\n 108623,\n 108624,\n 108626,\n 108627,\n 108631,\n 108633,\n 108634,\n 108635,\n 108636,\n 108639,\n 108641,\n 108642,\n 108643,\n 108644,\n 108646,\n 108648,\n 108650,\n 108651,\n 108654,\n 108655,\n 108656,\n 108666,\n 108667,\n 108668,\n 108669,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503269\");\n script_xref(name:\"MSKB\", value:\"4503292\");\n script_xref(name:\"MSFT\", value:\"MS19-4503269\");\n script_xref(name:\"MSFT\", value:\"MS19-4503292\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503269: Windows 7 and Windows Server 2008 R2 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503269\nor cumulative update 4503292. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,\n CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,\n CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,\n CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,\n CVE-2019-1049)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0722)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0713)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - A remote code execution vulnerability exists when the\n Microsoft Speech API (SAPI) improperly handles text-to-\n speech (TTS) input. The vulnerability could corrupt\n memory in a way that enables an attacker to execute\n arbitrary code in the context of the current user.\n (CVE-2019-0985)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0960, CVE-2019-1014,\n CVE-2019-1017)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503269/windows-7-update-kb4503269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16b76640\");\n # https://support.microsoft.com/en-us/help/4503292/windows-7-update-kb4503292\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c09dd7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4503269 or Cumulative Update KB4503292.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503292', '4503269');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503292, 4503269])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:35", "description": "The remote Windows host is missing security update 4503287 or cumulative update 4503273. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0960, CVE-2019-1014, CVE-2019-1017)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0713)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0722)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503287: Windows Server 2008 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0948", "CVE-2019-0960", "CVE-2019-0968", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0977", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-1005", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JUN_4503273.NASL", "href": "https://www.tenable.com/plugins/nessus/125817", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125817);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0948\",\n \"CVE-2019-0960\",\n \"CVE-2019-0968\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0977\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-1005\",\n \"CVE-2019-1009\",\n \"CVE-2019-1010\",\n \"CVE-2019-1011\",\n \"CVE-2019-1012\",\n \"CVE-2019-1013\",\n \"CVE-2019-1014\",\n \"CVE-2019-1015\",\n \"CVE-2019-1016\",\n \"CVE-2019-1017\",\n \"CVE-2019-1019\",\n \"CVE-2019-1025\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1046\",\n \"CVE-2019-1047\",\n \"CVE-2019-1048\",\n \"CVE-2019-1049\",\n \"CVE-2019-1053\",\n \"CVE-2019-1055\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108570,\n 108577,\n 108581,\n 108582,\n 108583,\n 108585,\n 108586,\n 108591,\n 108594,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108609,\n 108612,\n 108613,\n 108614,\n 108616,\n 108620,\n 108623,\n 108624,\n 108626,\n 108627,\n 108631,\n 108633,\n 108634,\n 108635,\n 108636,\n 108639,\n 108641,\n 108642,\n 108644,\n 108648,\n 108650,\n 108651,\n 108654,\n 108655,\n 108666,\n 108668,\n 108669,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503287\");\n script_xref(name:\"MSKB\", value:\"4503273\");\n script_xref(name:\"MSFT\", value:\"MS19-4503287\");\n script_xref(name:\"MSFT\", value:\"MS19-4503273\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503287: Windows Server 2008 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503287\nor cumulative update 4503273. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0960, CVE-2019-1014,\n CVE-2019-1017)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0713)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0722)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0968, CVE-2019-0977, CVE-2019-1009,\n CVE-2019-1010, CVE-2019-1011, CVE-2019-1012,\n CVE-2019-1013, CVE-2019-1015, CVE-2019-1016,\n CVE-2019-1046, CVE-2019-1047, CVE-2019-1048,\n CVE-2019-1049)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\");\n # https://support.microsoft.com/en-us/help/4503287/windows-server-2008-update-kb4503287\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5718bf96\");\n # https://support.microsoft.com/en-us/help/4503273/windows-server-2008-update-kb4503273\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd8cfdad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4503287 or Cumulative Update KB4503273.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503287', '4503273');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503287, 4503273])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:14", "description": "The remote Windows host is missing security update 4503291.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1028)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503291: Windows 10 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1023", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503291.NASL", "href": "https://www.tenable.com/plugins/nessus/125823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125823);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0709\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-1002\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1023\",\n \"CVE-2019-1025\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1055\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108584,\n 108585,\n 108586,\n 108588,\n 108591,\n 108594,\n 108597,\n 108598,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108621,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108648,\n 108650,\n 108651,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108661,\n 108662,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503291\");\n script_xref(name:\"MSFT\", value:\"MS19-4503291\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503291: Windows 10 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503291.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,\n CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0709,\n CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1028)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503291/windows-10-update-kb4503291\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2306fc04\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503291.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503291');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503291])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:35", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (June 2019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1038", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_JUN_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/125828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0920\",\n \"CVE-2019-0988\",\n \"CVE-2019-1005\",\n \"CVE-2019-1038\",\n \"CVE-2019-1055\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_xref(name:\"MSKB\", value:\"4503259\");\n script_xref(name:\"MSKB\", value:\"4503273\");\n script_xref(name:\"MSKB\", value:\"4503276\");\n script_xref(name:\"MSKB\", value:\"4503285\");\n script_xref(name:\"MSKB\", value:\"4503292\");\n script_xref(name:\"MSFT\", value:\"MS19-4503259\");\n script_xref(name:\"MSFT\", value:\"MS19-4503273\");\n script_xref(name:\"MSFT\", value:\"MS19-4503276\");\n script_xref(name:\"MSFT\", value:\"MS19-4503285\");\n script_xref(name:\"MSFT\", value:\"MS19-4503292\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"Security Updates for Internet Explorer (June 2019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\");\n # https://support.microsoft.com/en-us/help/4503276/june-11-2019-kb4503276-os-build-monthly-rollup\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?953a7c84\");\n # https://support.microsoft.com/en-us/help/4503273/windows-server-2008-update-kb4503273\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd8cfdad\");\n # https://support.microsoft.com/en-us/help/4503292/windows-7-update-kb4503292\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c09dd7d\");\n # https://support.microsoft.com/en-us/help/4503285/windows-server-2012-kb4503285\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6f9d59c\");\n # https://support.microsoft.com/en-us/help/4503259/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3ebae0e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4503259\n -KB4503273\n -KB4503276\n -KB4503285\n -KB4503292\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0988\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS19-06';\nkbs = make_list(\n '4503259',\n '4503273',\n '4503276',\n '4503285',\n '4503292'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19377\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4503259\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22773\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4503259\") ||\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19377\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4503259\") ||\n \n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19377\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4503259\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21342\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4503259\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4503259 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4503276 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS19-06', kb:'4503276', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4503285 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS19-06', kb:'4503285', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4503292 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS19-06', kb:'4503292', report);\n }\n else if(os == \"6.0\")\n {\n report += ' - KB4503273 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS19-06', kb:'4503273', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:12", "description": "The remote Windows host is missing security update 4503279.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1021, CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503279: Windows 10 Version 1703 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503279.NASL", "href": "https://www.tenable.com/plugins/nessus/125819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125819);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0709\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-1002\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1021\",\n \"CVE-2019-1023\",\n \"CVE-2019-1024\",\n \"CVE-2019-1025\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108584,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108592,\n 108594,\n 108597,\n 108598,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108621,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108650,\n 108651,\n 108652,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108661,\n 108662,\n 108663,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503279\");\n script_xref(name:\"MSFT\", value:\"MS19-4503279\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503279: Windows 10 Version 1703 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503279.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1021,\n CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0709,\n CVE-2019-0722)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,\n CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,\n CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503279/windows-10-update-kb4503279\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9bc5294b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503279.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503279');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503279])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:35", "description": "The remote Windows host is missing security update 4503267.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1028)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503267: Windows 10 Version 1607 and Windows Server 2016 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1023", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503267.NASL", "href": "https://www.tenable.com/plugins/nessus/125816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125816);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0709\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-1002\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1023\",\n \"CVE-2019-1025\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108594,\n 108597,\n 108598,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108621,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108650,\n 108651,\n 108652,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108661,\n 108662,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503267\");\n script_xref(name:\"MSFT\", value:\"MS19-4503267\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503267: Windows 10 Version 1607 and Windows Server 2016 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503267.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,\n CVE-2019-1003, CVE-2019-1051, CVE-2019-1052)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0709,\n CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1028)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503267/windows-10-update-kb4503267\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c05ae217\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503267.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503267');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503267])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:34", "description": "The remote Windows host is missing security update 4503293.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503293: Windows 10 Version 1903 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0998", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1022", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1026", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1041", "CVE-2019-1043", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1065", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503293.NASL", "href": "https://www.tenable.com/plugins/nessus/125825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125825);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0959\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-0998\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1019\",\n \"CVE-2019-1021\",\n \"CVE-2019-1022\",\n \"CVE-2019-1023\",\n \"CVE-2019-1024\",\n \"CVE-2019-1025\",\n \"CVE-2019-1026\",\n \"CVE-2019-1027\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1041\",\n \"CVE-2019-1043\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1065\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108570,\n 108577,\n 108581,\n 108583,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108592,\n 108593,\n 108594,\n 108595,\n 108596,\n 108597,\n 108598,\n 108599,\n 108600,\n 108602,\n 108603,\n 108604,\n 108606,\n 108607,\n 108608,\n 108609,\n 108612,\n 108613,\n 108620,\n 108624,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108649,\n 108650,\n 108651,\n 108652,\n 108653,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108662,\n 108663,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503293\");\n script_xref(name:\"MSFT\", value:\"MS19-4503293\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503293: Windows 10 Version 1903 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503293.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1021,\n CVE-2019-1022, CVE-2019-1026, CVE-2019-1027,\n CVE-2019-1028)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1003,\n CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503293/windows-10-update-kb4503293\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05d0b88c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503293.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503293');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503293])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:15", "description": "The remote Windows host is missing security update 4503284.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1021, CVE-2019-1027, CVE-2019-1028)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0984)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503284: Windows 10 Version 1709 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0998", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503284.NASL", "href": "https://www.tenable.com/plugins/nessus/125820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125820);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0709\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-0998\",\n \"CVE-2019-1002\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1021\",\n \"CVE-2019-1023\",\n \"CVE-2019-1024\",\n \"CVE-2019-1025\",\n \"CVE-2019-1027\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1043\",\n \"CVE-2019-1045\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108584,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108592,\n 108594,\n 108596,\n 108597,\n 108598,\n 108599,\n 108600,\n 108603,\n 108604,\n 108606,\n 108607,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108621,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108650,\n 108651,\n 108652,\n 108653,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108661,\n 108662,\n 108663,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503284\");\n script_xref(name:\"MSFT\", value:\"MS19-4503284\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503284: Windows 10 Version 1709 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503284.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1021,\n CVE-2019-1027, CVE-2019-1028)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0709,\n CVE-2019-0722)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Network File System (NFS) handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1045)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0984)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,\n CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,\n CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503284/windows-10-update-kb4503284\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22fd634e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503284.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503284');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build == \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503284])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:18:35", "description": "The remote Windows host is missing security update 4503286.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1021, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503286: Windows 10 Version 1803 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0998", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1026", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1041", "CVE-2019-1043", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1065", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503286.NASL", "href": "https://www.tenable.com/plugins/nessus/125822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125822);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0959\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-0998\",\n \"CVE-2019-1002\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1021\",\n \"CVE-2019-1023\",\n \"CVE-2019-1024\",\n \"CVE-2019-1025\",\n \"CVE-2019-1026\",\n \"CVE-2019-1027\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1041\",\n \"CVE-2019-1043\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1065\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108592,\n 108594,\n 108595,\n 108596,\n 108597,\n 108598,\n 108599,\n 108600,\n 108602,\n 108603,\n 108604,\n 108606,\n 108607,\n 108608,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108649,\n 108650,\n 108651,\n 108652,\n 108653,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108661,\n 108662,\n 108663,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503286\");\n script_xref(name:\"MSFT\", value:\"MS19-4503286\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503286: Windows 10 Version 1803 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503286.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1021,\n CVE-2019-1026, CVE-2019-1027, CVE-2019-1028)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1002,\n CVE-2019-1003, CVE-2019-1024, CVE-2019-1051,\n CVE-2019-1052)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503286/june112019kb4503286osbuild17134821\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1318c44e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503286.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503286');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503286])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:17:30", "description": "The remote Windows host is missing security update 4503327.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. (CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028)\n\n - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0990, CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1064)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1003, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046, CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. (CVE-2019-1044)\n\n - A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-0986)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "KB4503327: Windows 10 Version 1809 and Windows Server 2019 June 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0998", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1022", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1026", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1041", "CVE-2019-1043", "CVE-2019-1044", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1065", "CVE-2019-1069", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_JUN_4503327.NASL", "href": "https://www.tenable.com/plugins/nessus/125826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125826);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0620\",\n \"CVE-2019-0710\",\n \"CVE-2019-0711\",\n \"CVE-2019-0713\",\n \"CVE-2019-0722\",\n \"CVE-2019-0888\",\n \"CVE-2019-0904\",\n \"CVE-2019-0905\",\n \"CVE-2019-0906\",\n \"CVE-2019-0907\",\n \"CVE-2019-0908\",\n \"CVE-2019-0909\",\n \"CVE-2019-0920\",\n \"CVE-2019-0941\",\n \"CVE-2019-0943\",\n \"CVE-2019-0948\",\n \"CVE-2019-0959\",\n \"CVE-2019-0972\",\n \"CVE-2019-0973\",\n \"CVE-2019-0974\",\n \"CVE-2019-0983\",\n \"CVE-2019-0984\",\n \"CVE-2019-0986\",\n \"CVE-2019-0988\",\n \"CVE-2019-0989\",\n \"CVE-2019-0990\",\n \"CVE-2019-0991\",\n \"CVE-2019-0992\",\n \"CVE-2019-0993\",\n \"CVE-2019-0998\",\n \"CVE-2019-1003\",\n \"CVE-2019-1005\",\n \"CVE-2019-1007\",\n \"CVE-2019-1010\",\n \"CVE-2019-1012\",\n \"CVE-2019-1014\",\n \"CVE-2019-1017\",\n \"CVE-2019-1018\",\n \"CVE-2019-1019\",\n \"CVE-2019-1021\",\n \"CVE-2019-1022\",\n \"CVE-2019-1023\",\n \"CVE-2019-1024\",\n \"CVE-2019-1025\",\n \"CVE-2019-1026\",\n \"CVE-2019-1027\",\n \"CVE-2019-1028\",\n \"CVE-2019-1038\",\n \"CVE-2019-1039\",\n \"CVE-2019-1040\",\n \"CVE-2019-1041\",\n \"CVE-2019-1043\",\n \"CVE-2019-1044\",\n \"CVE-2019-1046\",\n \"CVE-2019-1050\",\n \"CVE-2019-1051\",\n \"CVE-2019-1052\",\n \"CVE-2019-1053\",\n \"CVE-2019-1054\",\n \"CVE-2019-1055\",\n \"CVE-2019-1064\",\n \"CVE-2019-1065\",\n \"CVE-2019-1069\",\n \"CVE-2019-1080\",\n \"CVE-2019-1081\"\n );\n script_bugtraq_id(\n 108567,\n 108570,\n 108577,\n 108581,\n 108583,\n 108585,\n 108586,\n 108587,\n 108588,\n 108591,\n 108592,\n 108593,\n 108594,\n 108595,\n 108596,\n 108597,\n 108598,\n 108599,\n 108600,\n 108602,\n 108603,\n 108604,\n 108605,\n 108606,\n 108607,\n 108608,\n 108609,\n 108612,\n 108613,\n 108614,\n 108620,\n 108624,\n 108630,\n 108632,\n 108633,\n 108638,\n 108641,\n 108644,\n 108646,\n 108647,\n 108648,\n 108649,\n 108650,\n 108651,\n 108652,\n 108653,\n 108654,\n 108655,\n 108656,\n 108657,\n 108658,\n 108659,\n 108660,\n 108662,\n 108663,\n 108664,\n 108665,\n 108666,\n 108667,\n 108668,\n 108669,\n 108670,\n 108671,\n 108708,\n 108709\n );\n script_xref(name:\"MSKB\", value:\"4503327\");\n script_xref(name:\"MSFT\", value:\"MS19-4503327\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0430\");\n\n script_name(english:\"KB4503327: Windows 10 Version 1809 and Windows Server 2019 June 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4503327.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege exists in Windows Audio\n Service. An attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1007, CVE-2019-1021,\n CVE-2019-1022, CVE-2019-1026, CVE-2019-1027,\n CVE-2019-1028)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-0943)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0620, CVE-2019-0722)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1019)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1014, CVE-2019-1017)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1040)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0710, CVE-2019-0711, CVE-2019-0713)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0990,\n CVE-2019-1023)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2019-0959, CVE-2019-0984)\n\n - An elevation of privilege vulnerability exists in the\n Windows Installer when the Windows Installer fails to\n properly sanitize input leading to an insecure library\n loading behavior. A locally authenticated attacker could\n run arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. The security update addresses the vulnerability\n by correcting the input sanitization error to preclude\n unintended elevation. (CVE-2019-0973)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0904, CVE-2019-0905, CVE-2019-0906,\n CVE-2019-0907, CVE-2019-0908, CVE-2019-0909,\n CVE-2019-0974)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1018)\n\n - An information disclosure vulnerability exists in the\n Windows Event Viewer (eventvwr.msc) when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-0948)\n\n - A security feature bypass vulnerability exists in Edge\n that allows for bypassing Mark of the Web Tagging\n (MOTW). Failing to set the MOTW means that a large\n number of Microsoft security technologies are bypassed.\n (CVE-2019-1054)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1043)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0920, CVE-2019-1005, CVE-2019-1055,\n CVE-2019-1080)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1038)\n\n - An elevation of privilege vulnerability exists when\n Windows AppX Deployment Service (AppXSVC) improperly\n handles hard links. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1064)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1025)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0988)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-1039)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0989, CVE-2019-0991,\n CVE-2019-0992, CVE-2019-0993, CVE-2019-1003,\n CVE-2019-1024, CVE-2019-1051, CVE-2019-1052)\n\n - This security update corrects a denial of service in the\n Local Security Authority Subsystem Service (LSASS)\n caused when an authenticated attacker sends a specially\n crafted authentication request. A remote attacker who\n successfully exploited this vulnerability could cause a\n denial of service on the target system's LSASS service,\n which triggers an automatic reboot of the system. The\n security update addresses the vulnerability by changing\n the way that LSASS handles specially crafted\n authentication requests. (CVE-2019-0972)\n\n - An information disclosure vulnerability exists when\n affected Microsoft browsers improperly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1081)\n\n - An elevation of privilege vulnerability exists when the\n Windows Shell fails to validate folder shortcuts. An\n attacker who successfully exploited the vulnerability\n could elevate privileges by escaping a sandbox.\n (CVE-2019-1053)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1010, CVE-2019-1012, CVE-2019-1046,\n CVE-2019-1050)\n\n - A remote code execution vulnerability exists in the way\n that ActiveX Data Objects (ADO) handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute arbitrary code with the\n victim users privileges. An attacker could craft a\n website that exploits the vulnerability and then\n convince a victim user to visit the website. The\n security update addresses the vulnerability by modifying\n how ActiveX Data Objects handle objects in memory.\n (CVE-2019-0888)\n\n - A security feature bypass vulnerability exists when\n Windows Secure Kernel Mode fails to properly handle\n objects in memory. (CVE-2019-1044)\n\n - A denial of service exists in Microsoft IIS Server when\n the optional request filtering feature improperly\n handles requests. An attacker who successfully exploited\n this vulnerability could perform a temporary denial of\n service against pages configured to use request\n filtering. (CVE-2019-0941)\n\n - An elevation of privilege vulnerability exists in the\n way the Task Scheduler Service validates certain file\n operations. An attacker who successfully exploited the\n vulnerability could gain elevated privileges on a victim\n system. (CVE-2019-1069)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0983, CVE-2019-0998)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1041, CVE-2019-1065)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-0986)\");\n # https://support.microsoft.com/en-us/help/4503327/windows-10-update-kb4503327\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1f9e5bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4503327.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0974\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1053\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-06\";\nkbs = make_list('4503327');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"06_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4503327])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-03-21T08:28:08", "description": "### *Detect date*:\n06/11/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, spoof user interface, cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 \nInternet Explorer 11 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2 \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1039](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1039>) \n[CVE-2019-1028](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1028>) \n[CVE-2019-1048](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1048>) \n[CVE-2019-1049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1049>) \n[CVE-2019-0888](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0888>) \n[CVE-2019-1009](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1009>) \n[CVE-2019-1046](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1046>) \n[CVE-2019-1047](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1047>) \n[CVE-2019-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1040>) \n[CVE-2019-1025](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1025>) \n[CVE-2019-1014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1014>) \n[CVE-2019-1080](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1080>) \n[CVE-2019-1081](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1081>) \n[CVE-2019-0713](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0713>) \n[CVE-2019-1005](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1005>) \n[CVE-2019-0968](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0968>) \n[CVE-2019-0908](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0908>) \n[CVE-2019-1010](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1010>) \n[CVE-2019-0986](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0986>) \n[CVE-2019-0906](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0906>) \n[CVE-2019-0984](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0984>) \n[CVE-2019-0985](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0985>) \n[CVE-2019-1045](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1045>) \n[CVE-2019-0960](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0960>) \n[CVE-2019-0904](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0904>) \n[CVE-2019-1017](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1017>) \n[CVE-2019-0943](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0943>) \n[CVE-2019-1015](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1015>) \n[CVE-2019-0941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0941>) \n[CVE-2019-1013](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1013>) \n[CVE-2019-1012](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1012>) \n[CVE-2019-1011](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1011>) \n[CVE-2019-0909](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0909>) \n[CVE-2019-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0722>) \n[CVE-2019-0907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0907>) \n[CVE-2019-0948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0948>) \n[CVE-2019-0905](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0905>) \n[CVE-2019-1019](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1019>) \n[CVE-2019-1053](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1053>) \n[CVE-2019-0920](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0920>) \n[CVE-2019-1055](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1055>) \n[CVE-2019-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1043>) \n[CVE-2019-1016](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1016>) \n[CVE-2019-0977](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0977>) \n[CVE-2019-0974](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0974>) \n[CVE-2019-0973](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0973>) \n[CVE-2019-0972](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0972>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-0986](<https://vulners.com/cve/CVE-2019-0986>)3.6Warning \n[CVE-2019-0973](<https://vulners.com/cve/CVE-2019-0973>)7.2High \n[CVE-2019-1040](<https://vulners.com/cve/CVE-2019-1040>)4.3Warning \n[CVE-2019-0909](<https://vulners.com/cve/CVE-2019-0909>)9.3Critical \n[CVE-2019-0948](<https://vulners.com/cve/CVE-2019-0948>)4.3Warning \n[CVE-2019-1019](<https://vulners.com/cve/CVE-2019-1019>)6.0High \n[CVE-2019-1010](<https://vulners.com/cve/CVE-2019-1010>)4.3Warning \n[CVE-2019-1053](<https://vulners.com/cve/CVE-2019-1053>)7.2High \n[CVE-2019-0908](<https://vulners.com/cve/CVE-2019-0908>)9.3Critical \n[CVE-2019-0977](<https://vulners.com/cve/CVE-2019-0977>)4.3Warning \n[CVE-2019-1009](<https://vulners.com/cve/CVE-2019-1009>)4.3Warning \n[CVE-2019-0722](<https://vulners.com/cve/CVE-2019-0722>)9.0Critical \n[CVE-2019-1039](<https://vulners.com/cve/CVE-2019-1039>)2.1Warning \n[CVE-2019-1043](<https://vulners.com/cve/CVE-2019-1043>)8.5Critical \n[CVE-2019-1025](<https://vulners.com/cve/CVE-2019-1025>)7.8Critical \n[CVE-2019-0974](<https://vulners.com/cve/CVE-2019-0974>)9.3Critical \n[CVE-2019-1045](<https://vulners.com/cve/CVE-2019-1045>)7.2High \n[CVE-2019-0905](<https://vulners.com/cve/CVE-2019-0905>)9.3Critical \n[CVE-2019-1014](<https://vulners.com/cve/CVE-2019-1014>)7.2High \n[CVE-2019-0941](<https://vulners.com/cve/CVE-2019-0941>)5.0Critical \n[CVE-2019-0985](<https://vulners.com/cve/CVE-2019-0985>)6.8High \n[CVE-2019-0960](<https://vulners.com/cve/CVE-2019-0960>)7.2High \n[CVE-2019-0984](<https://vulners.com/cve/CVE-2019-0984>)7.2High \n[CVE-2019-0906](<https://vulners.com/cve/CVE-2019-0906>)9.3Critical \n[CVE-2019-0943](<https://vulners.com/cve/CVE-2019-0943>)7.2High \n[CVE-2019-1047](<https://vulners.com/cve/CVE-2019-1047>)4.3Warning \n[CVE-2019-1028](<https://vulners.com/cve/CVE-2019-1028>)4.6Warning \n[CVE-2019-1048](<https://vulners.com/cve/CVE-2019-1048>)4.3Warning \n[CVE-2019-1015](<https://vulners.com/cve/CVE-2019-1015>)4.3Warning \n[CVE-2019-1049](<https://vulners.com/cve/CVE-2019-1049>)4.3Warning \n[CVE-2019-1046](<https://vulners.com/cve/CVE-2019-1046>)4.3Warning \n[CVE-2019-0888](<https://vulners.com/cve/CVE-2019-0888>)9.3Critical \n[CVE-2019-0907](<https://vulners.com/cve/CVE-2019-0907>)9.3Critical \n[CVE-2019-1011](<https://vulners.com/cve/CVE-2019-1011>)4.3Warning \n[CVE-2019-1013](<https://vulners.com/cve/CVE-2019-1013>)4.3Warning \n[CVE-2019-1012](<https://vulners.com/cve/CVE-2019-1012>)4.3Warning \n[CVE-2019-0968](<https://vulners.com/cve/CVE-2019-0968>)4.3Warning \n[CVE-2019-0904](<https://vulners.com/cve/CVE-2019-0904>)9.3Critical \n[CVE-2019-0713](<https://vulners.com/cve/CVE-2019-0713>)5.5High \n[CVE-2019-1017](<https://vulners.com/cve/CVE-2019-1017>)7.2High \n[CVE-2019-0972](<https://vulners.com/cve/CVE-2019-0972>)6.8High \n[CVE-2019-1016](<https://vulners.com/cve/CVE-2019-1016>)4.3Warning \n[CVE-2019-1081](<https://vulners.com/cve/CVE-2019-1081>)4.3Warning \n[CVE-2019-1005](<https://vulners.com/cve/CVE-2019-1005>)7.6Critical \n[CVE-2019-1055](<https://vulners.com/cve/CVE-2019-1055>)7.6Critical \n[CVE-2019-1080](<https://vulners.com/cve/CVE-2019-1080>)7.6Critical \n[CVE-2019-0920](<https://vulners.com/cve/CVE-2019-0920>)7.6Critical\n\n### *KB list*:\n[4503287](<http://support.microsoft.com/kb/4503287>) \n[4503292](<http://support.microsoft.com/kb/4503292>) \n[4503273](<http://support.microsoft.com/kb/4503273>) \n[4503269](<http://support.microsoft.com/kb/4503269>) \n[4503259](<http://support.microsoft.com/kb/4503259>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "kaspersky", "title": "KLA11874 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0920", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0960", "CVE-2019-0968", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0977", "CVE-2019-0984", "CVE-2019-0985", "CVE-2019-0986", "CVE-2019-1005", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1017", "CVE-2019-1019", "CVE-2019-1025", "CVE-2019-1028", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1043", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1053", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2023-03-17T00:00:00", "id": "KLA11874", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11874/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T08:32:12", "description": "### *Detect date*:\n06/11/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 for 32-bit Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 R2 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 (Server Core installation) \nWindows RT 8.1 \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1046](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1046>) \n[CVE-2019-1025](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1025>) \n[CVE-2019-0713](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0713>) \n[CVE-2019-0943](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0943>) \n[CVE-2019-0973](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0973>) \n[CVE-2019-1064](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1064>) \n[CVE-2019-0998](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0998>) \n[CVE-2019-0986](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0986>) \n[CVE-2019-1015](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1015>) \n[CVE-2019-1022](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1022>) \n[CVE-2019-0711](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0711>) \n[CVE-2019-0948](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0948>) \n[CVE-2019-0710](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0710>) \n[CVE-2019-0909](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0909>) \n[CVE-2019-0984](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0984>) \n[CVE-2019-1045](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1045>) \n[CVE-2019-0907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0907>) \n[CVE-2019-1050](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1050>) \n[CVE-2019-1044](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1044>) \n[CVE-2019-1019](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1019>) \n[CVE-2019-1043](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1043>) \n[CVE-2019-1039](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1039>) \n[CVE-2019-0905](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0905>) \n[CVE-2019-1065](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1065>) \n[CVE-2019-1010](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1010>) \n[CVE-2019-0974](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0974>) \n[CVE-2019-0908](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0908>) \n[CVE-2019-1028](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1028>) \n[CVE-2019-1021](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1021>) \n[CVE-2019-0983](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0983>) \n[CVE-2019-0904](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0904>) \n[CVE-2019-1014](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1014>) \n[CVE-2019-1027](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1027>) \n[CVE-2019-1069](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1069>) \n[CVE-2019-1026](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1026>) \n[CVE-2019-1041](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1041>) \n[CVE-2019-0941](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0941>) \n[CVE-2019-0906](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0906>) \n[CVE-2019-1012](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1012>) \n[CVE-2019-1018](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1018>) \n[CVE-2019-0722](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0722>) \n[CVE-2019-0620](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0620>) \n[CVE-2019-0888](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0888>) \n[CVE-2019-0959](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0959>) \n[CVE-2019-1053](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1053>) \n[CVE-2019-1040](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1040>) \n[CVE-2019-1017](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1017>) \n[CVE-2019-0709](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0709>) \n[CVE-2019-1007](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1007>) \n[CVE-2019-0972](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0972>) \n[ADV190016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190016>) \n[ADV190017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190017>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1065](<https://vulners.com/cve/CVE-2019-1065>)7.2High \n[CVE-2019-0959](<https://vulners.com/cve/CVE-2019-0959>)7.2High \n[CVE-2019-0986](<https://vulners.com/cve/CVE-2019-0986>)3.6Warning \n[CVE-2019-0973](<https://vulners.com/cve/CVE-2019-0973>)7.2High \n[CVE-2019-1040](<https://vulners.com/cve/CVE-2019-1040>)4.3Warning \n[CVE-2019-0909](<https://vulners.com/cve/CVE-2019-0909>)9.3Critical \n[CVE-2019-0948](<https://vulners.com/cve/CVE-2019-0948>)4.3Warning \n[CVE-2019-1019](<https://vulners.com/cve/CVE-2019-1019>)6.0High \n[CVE-2019-1010](<https://vulners.com/cve/CVE-2019-1010>)4.3Warning \n[CVE-2019-1027](<https://vulners.com/cve/CVE-2019-1027>)4.6Warning \n[CVE-2019-1041](<https://vulners.com/cve/CVE-2019-1041>)7.2High \n[CVE-2019-1053](<https://vulners.com/cve/CVE-2019-1053>)7.2High \n[CVE-2019-0908](<https://vulners.com/cve/CVE-2019-0908>)9.3Critical \n[CVE-2019-0722](<https://vulners.com/cve/CVE-2019-0722>)9.0Critical \n[CVE-2019-1039](<https://vulners.com/cve/CVE-2019-1039>)2.1Warning \n[CVE-2019-1007](<https://vulners.com/cve/CVE-2019-1007>)4.6Warning \n[CVE-2019-1043](<https://vulners.com/cve/CVE-2019-1043>)8.5Critical \n[CVE-2019-1025](<https://vulners.com/cve/CVE-2019-1025>)7.8Critical \n[CVE-2019-1044](<https://vulners.com/cve/CVE-2019-1044>)7.2High \n[CVE-2019-0974](<https://vulners.com/cve/CVE-2019-0974>)9.3Critical \n[CVE-2019-0709](<https://vulners.com/cve/CVE-2019-0709>)7.7Critical \n[CVE-2019-0620](<https://vulners.com/cve/CVE-2019-0620>)7.7Critical \n[CVE-2019-1045](<https://vulners.com/cve/CVE-2019-1045>)7.2High \n[CVE-2019-0905](<https://vulners.com/cve/CVE-2019-0905>)9.3Critical \n[CVE-2019-1069](<https://vulners.com/cve/CVE-2019-1069>)7.2High \n[CVE-2019-1014](<https://vulners.com/cve/CVE-2019-1014>)7.2High \n[CVE-2019-0941](<https://vulners.com/cve/CVE-2019-0941>)5.0Critical \n[CVE-2019-1026](<https://vulners.com/cve/CVE-2019-1026>)4.6Warning \n[CVE-2019-0984](<https://vulners.com/cve/CVE-2019-0984>)7.2High \n[CVE-2019-0906](<https://vulners.com/cve/CVE-2019-0906>)9.3Critical \n[CVE-2019-0943](<https://vulners.com/cve/CVE-2019-0943>)7.2High \n[CVE-2019-1028](<https://vulners.com/cve/CVE-2019-1028>)4.6Warning \n[CVE-2019-1021](<https://vulners.com/cve/CVE-2019-1021>)4.6Warning \n[CVE-2019-1015](<https://vulners.com/cve/CVE-2019-1015>)4.3Warning \n[CVE-2019-1064](<https://vulners.com/cve/CVE-2019-1064>)7.2High \n[CVE-2019-1046](<https://vulners.com/cve/CVE-2019-1046>)4.3Warning \n[CVE-2019-0888](<https://vulners.com/cve/CVE-2019-0888>)9.3Critical \n[CVE-2019-0907](<https://vulners.com/cve/CVE-2019-0907>)9.3Critical \n[CVE-2019-0711](<https://vulners.com/cve/CVE-2019-0711>)5.5High \n[CVE-2019-1050](<https://vulners.com/cve/CVE-2019-1050>)4.3Warning \n[CVE-2019-1012](<https://vulners.com/cve/CVE-2019-1012>)4.3Warning \n[CVE-2019-1018](<https://vulners.com/cve/CVE-2019-1018>)7.2High \n[CVE-2019-0904](<https://vulners.com/cve/CVE-2019-0904>)9.3Critical \n[CVE-2019-1022](<https://vulners.com/cve/CVE-2019-1022>)4.6Warning \n[CVE-2019-0713](<https://vulners.com/cve/CVE-2019-0713>)5.5High \n[CVE-2019-1017](<https://vulners.com/cve/CVE-2019-1017>)7.2High \n[CVE-2019-0998](<https://vulners.com/cve/CVE-2019-0998>)7.2High \n[CVE-2019-0710](<https://vulners.com/cve/CVE-2019-0710>)5.5High \n[CVE-2019-0983](<https://vulners.com/cve/CVE-2019-0983>)7.2High \n[CVE-2019-0972](<https://vulners.com/cve/CVE-2019-0972>)6.8High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4503293](<http://support.microsoft.com/kb/4503293>) \n[4503327](<http://support.microsoft.com/kb/4503327>) \n[4503286](<http://support.microsoft.com/kb/4503286>) \n[4503284](<http://support.microsoft.com/kb/4503284>) \n[4503285](<http://support.microsoft.com/kb/4503285>) \n[4503276](<http://support.microsoft.com/kb/4503276>) \n[4503267](<http://support.microsoft.com/kb/4503267>) \n[4503263](<http://support.microsoft.com/kb/4503263>) \n[4503291](<http://support.microsoft.com/kb/4503291>) \n[4503290](<http://support.microsoft.com/kb/4503290>) \n[4503279](<http://support.microsoft.com/kb/4503279>) \n[4507453](<http://support.microsoft.com/kb/4507453>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "kaspersky", "title": "KLA11493 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0986", "CVE-2019-0998", "CVE-2019-1007", "CVE-2019-1010", "CVE-2019-1012", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1022", "CVE-2019-1025", "CVE-2019-1026", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1041", "CVE-2019-1043", "CVE-2019-1044", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1050", "CVE-2019-1053", "CVE-2019-1064", "CVE-2019-1065", "CVE-2019-1069"], "modified": "2023-03-17T00:00:00", "id": "KLA11493", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11493/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:58:14", "description": "### *Detect date*:\n06/11/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 11 \nMicrosoft Edge \nInternet Explorer 10 \nInternet Explorer 9 \nChakraCore\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1081>) \n[CVE-2019-1051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1051>) \n[CVE-2019-1054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1054>) \n[CVE-2019-0993](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0993>) \n[CVE-2019-1024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1024>) \n[CVE-2019-0989](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0989>) \n[CVE-2019-0990](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0990>) \n[CVE-2019-1038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1038>) \n[CVE-2019-1002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1002>) \n[CVE-2019-1005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1005>) \n[CVE-2019-1055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1055>) \n[CVE-2019-0991](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0991>) \n[CVE-2019-1023](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1023>) \n[CVE-2019-1080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1080>) \n[CVE-2019-0992](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0992>) \n[CVE-2019-1003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1003>) \n[CVE-2019-0988](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0988>) \n[CVE-2019-1052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1052>) \n[CVE-2019-0920](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0920>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-1081](<https://vulners.com/cve/CVE-2019-1081>)4.3Warning \n[CVE-2019-1051](<https://vulners.com/cve/CVE-2019-1051>)7.6Critical \n[CVE-2019-1054](<https://vulners.com/cve/CVE-2019-1054>)5.1High \n[CVE-2019-0993](<https://vulners.com/cve/CVE-2019-0993>)7.6Critical \n[CVE-2019-1024](<https://vulners.com/cve/CVE-2019-1024>)7.6Critical \n[CVE-2019-0989](<https://vulners.com/cve/CVE-2019-0989>)7.6Critical \n[CVE-2019-0990](<https://vulners.com/cve/CVE-2019-0990>)4.3Warning \n[CVE-2019-1038](<https://vulners.com/cve/CVE-2019-1038>)7.6Critical \n[CVE-2019-1002](<https://vulners.com/cve/CVE-2019-1002>)7.6Critical \n[CVE-2019-1005](<https://vulners.com/cve/CVE-2019-1005>)7.6Critical \n[CVE-2019-1055](<https://vulners.com/cve/CVE-2019-1055>)7.6Critical \n[CVE-2019-0991](<https://vulners.com/cve/CVE-2019-0991>)7.6Critical \n[CVE-2019-1023](<https://vulners.com/cve/CVE-2019-1023>)4.3Warning \n[CVE-2019-1080](<https://vulners.com/cve/CVE-2019-1080>)7.6Critical \n[CVE-2019-0992](<https://vulners.com/cve/CVE-2019-0992>)7.6Critical \n[CVE-2019-1003](<https://vulners.com/cve/CVE-2019-1003>)7.6Critical \n[CVE-2019-0988](<https://vulners.com/cve/CVE-2019-0988>)7.6Critical \n[CVE-2019-1052](<https://vulners.com/cve/CVE-2019-1052>)7.6Critical \n[CVE-2019-0920](<https://vulners.com/cve/CVE-2019-0920>)7.6Critical\n\n### *KB list*:\n[4503293](<http://support.microsoft.com/kb/4503293>) \n[4503327](<http://support.microsoft.com/kb/4503327>) \n[4503286](<http://support.microsoft.com/kb/4503286>) \n[4503284](<http://support.microsoft.com/kb/4503284>) \n[4503285](<http://support.microsoft.com/kb/4503285>) \n[4503276](<http://support.microsoft.com/kb/4503276>) \n[4503292](<http://support.microsoft.com/kb/4503292>) \n[4503267](<http://support.microsoft.com/kb/4503267>) \n[4503291](<http://support.microsoft.com/kb/4503291>) \n[4503279](<http://support.microsoft.com/kb/4503279>) \n[4503259](<http://support.microsoft.com/kb/4503259>) \n[4512497](<http://support.microsoft.com/kb/4512497>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T00:00:00", "type": "kaspersky", "title": "KLA11500 Multiple vulnerabilities in Microsoft Browsers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1038", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1080", "CVE-2019-1081"], "modified": "2020-07-22T00:00:00", "id": "KLA11500", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11500/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-09T14:23:32", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0907", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0907", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:31", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0909", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0909", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:32", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0906", "cwe": ["CWE-129"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0906", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:30", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0909, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0908", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0908", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0908", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:30", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0904", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:42", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0974", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0974", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0974", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:31", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0904, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0905", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0974"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0905", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:46", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1080.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1055", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1055", "CVE-2019-1080"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2019-1055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1055", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:26:25", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1080", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1055", "CVE-2019-1080"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2019-1080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1080", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T15:41:07", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0988", "cwe": ["CWE-843", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1055", "CVE-2019-1080"], "modified": "2023-01-31T14:16:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2019-0988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0988", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:08", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1055, CVE-2019-1080.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1005", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1055", "CVE-2019-1080"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2019-1005", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1005", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:33", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0920", "cwe": ["CWE-843", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0920", "CVE-2019-0988", "CVE-2019-1005", "CVE-2019-1055", "CVE-2019-1080"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2019-0920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0920", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:10:-:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:00", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0709.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0722", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722"], "modified": "2019-06-12T20:26:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0722", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0722", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:59", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0722.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0709", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722"], "modified": "2019-06-12T19:58:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0709", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0709", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-02-09T14:22:43", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0709, CVE-2019-0722.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0620", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722"], "modified": "2019-06-12T19:49:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0620", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0620", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:39", "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1014, CVE-2019-1017.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0960", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0960", "CVE-2019-1014", "CVE-2019-1017"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-0960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0960", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:49", "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1014.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1017", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0960", "CVE-2019-1014", "CVE-2019-1017"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1017", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:42", "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0960, CVE-2019-1017.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1014", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0960", "CVE-2019-1014", "CVE-2019-1017"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1014", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1014", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:42", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0977", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T12:24:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-0977", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0977", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:41", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0968", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-0968", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0968", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:15", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1009", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-08-09T16:15:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1009", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:19", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1010", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T17:19:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:40", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1012", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T15:03:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1012", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1012", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:37", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1049", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T17:42:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1049", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1049", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:35", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1048", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1048", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:33", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1046", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T19:41:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1046", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1046", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:39", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1050", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T17:48:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1050", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1050", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:34", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1047", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T17:31:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1047", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:39", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1011", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T15:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1011", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1011", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:43", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1013", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-17T15:15:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1013", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:45", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1015", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T14:53:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1015", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:45", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1016", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0968", "CVE-2019-0977", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050"], "modified": "2019-06-13T12:27:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:r2"], "id": "CVE-2019-1016", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1016", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:37", "description": "An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity, aka 'Windows Event Viewer Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0948", "cwe": ["CWE-611"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0948"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0948", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0948", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:31", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory, aka 'Windows Network File System Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1045", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1045"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-"], "id": "CVE-2019-1045", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1045", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:27", "description": "A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1043", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1043"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1043", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:22", "description": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1038", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1038"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2019-1038", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1038", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:22", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1039", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1039"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1039", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1039", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:42", "description": "This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0972", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0972"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0972", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:23", "description": "A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1040", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1040"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:44", "description": "An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1053", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1053"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1053", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:36", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0943", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0943"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0943", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0943", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:42", "description": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0973", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0973"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0973", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0973", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:25:00", "description": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1025", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1025"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1025", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1025", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:26:26", "description": "An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1081", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1081"], "modified": "2019-06-13T14:02:00", "cpe": ["cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9"], "id": "CVE-2019-1081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1081", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:49", "description": "A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-1019", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1019"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1019", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:44", "description": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0986", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0986"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0986", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:36", "description": "A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0941", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0941"], "modified": "2019-06-12T20:49:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0941", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:23:28", "description": "A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory, aka 'ActiveX Data Objects (ADO) Remote Code Execution Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-12T14:29:00", "type": "cve", "title": "CVE-2019-0888", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0888"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0888", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0888", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}], "thn": [{"lastseen": "2022-05-09T12:39:34", "description": "[](<https://thehackernews.com/images/-rWEOBIr2-vE/XP_DsH-R1uI/AAAAAAAA0L8/4wO0_A8Veu84Nv9fNtKdix7wropZCI-dQCLcBGAs/s728-e100/windows-patch-updates-june.jpg>)\n\nAfter [Adobe](<https://thehackernews.com/2019/06/adobe-patch-june.html>), the technology giant Microsoft today\u2014on June 2019 Patch Tuesday\u2014also [released](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573>) its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products. \n \nThis month's security updates include patches for a total of 88 vulnerabilities, 21 are rated Critical, 66 are Important, and one is rated Moderate in severity. \n \nThe June 2019 updates include patches Windows OS, Internet Explorer, Microsoft Edge browser, Microsoft Office and Services, ChakraCore, Skype for Business, Microsoft Lync, Microsoft Exchange Server, and Azure. \n \nFour of the security vulnerabilities, all rated important and could allow attackers to escalate privileges, patched by the tech giant this month were disclosed publicly, of which none were found exploited in the wild. \n \n\n\n## Unpatched Issue Reported by Google Researcher\n\n \nHowever, Microsoft failed to patch a [minor flaw in SymCrypt](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1804>), a core cryptographic function library currently used by Windows, which on successful exploitation could allow malicious programs to interrupt (denial of service) the encryption service for other programs. \n \nThis vulnerability was reported to Microsoft by Tavis Ormandy, a Google project zero security researcher, almost 90 days ago. Ormandy today publicly released details and proof-of-concept of the flaw after finding that Microsoft doesn't have any plan to patch the issue with this month updates. \n \n\n\n> \"I've been able to construct an X.509 certificate that triggers the bug. I've found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so on will effectively DoS any windows server (e.g. ipsec, iis, exchange, etc) and (depending on the context) may require the machine to be rebooted,\" Ormandy said.\n\n \n\n\n> \"Obviously, lots of software that processes untrusted content (like antivirus) call these routines on untrusted data, and this will cause them to deadlock.\"\n\n \n\n\n## RCE Through NTLM Vulnerabilities (All Windows Versions Affected)\n\n \nDiscovered by researchers at Preempt, [two important severity vulnerabilities](<https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm>) (CVE-2019-1040 and CVE-2019-1019) affect Microsoft's NTLM authentication protocol that could allow remote attackers to bypass NTLM protection mechanisms and re-enable NTLM Relay attacks. \n \nThese flaws originate from three logical flaws that let attackers bypass various mitigations\u2014including Message Integrity Code (MIC), SMB Session Signing andEnhanced Protection for Authentication (EPA)\u2014Microsoft added to prevent NTLM Relay attacks. \n \nOn successful exploitation, a man-in-the-middle attacker can \"execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS.\" \n \nThe latest Microsoft Windows updates address the vulnerability by hardening NTLM MIC protection on the server-side. \n \n\n\n## Other Important Microsoft Vulnerabilities\n\n \nHere below we have compiled a list of other critical and important Microsoft vulnerabilities of which you should be aware of: \n \n**1) Windows Hyper-V RCE and DoS Vulnerabilities** (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722) \u2014 Microsoft patches three critical remote code execution vulnerabilities in Windows Hyper-V, native virtualization software that lets administrators run multiple operating systems as virtual machines on Windows. \n \nAccording to advisories, these flaws originate because the host machine fails to properly validate inputs from an authenticated user on a guest operating system. \n \nHyper-V RCE flaws thus allow an attacker to execute arbitrary malicious code on the host operating system just by executing a specially crafted application on a guest operating system. \n \nBesides RCE flaws in Hyper-V, Microsoft has also released patches for three denial-of-service (DoS) vulnerabilities in Hyper-V software that could allow an attacker with a privileged account on a guest operating system to crash the host operating system. \n \nUsers and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers. \n \nFor installing the latest security updates, you can head on to Settings \u2192 Update &amp; Security \u2192 Windows Update \u2192 Check for updates on your computer, or you can install the updates manually. \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T18:08:00", "type": "thn", "title": "Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722", "CVE-2019-1019", "CVE-2019-1040"], "modified": "2019-06-11T18:49:11", "id": "THN:9B966D7333226606F54AD717A81F6D7E", "href": "https://thehackernews.com/2019/06/windows-june-updates.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:00", "description": "[](<https://thehackernews.com/images/-VpIzIXnr6Nc/XbAJseFx07I/AAAAAAAA1ec/Qnh5aiPdiCQlHbBgTV9PXYNq9lXX5-VhwCLcBGAsYHQ/s728-e100/cdn-cache-poisoning-dos-attack.png>)\n\nA team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. \n \nThe issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77. \n \nIn brief, a Content Distribution Network (CDN) is a geographically distributed group of servers that sit between the origin server of a website and its visitors to optimize the performance of the website. \n \nA CDN service simply stores/caches static files\u2014including HTML pages, JavaScript files, stylesheets, images, and videos\u2014from the origin server and delivers them to visitors more quickly without going back to the originating server again and again. \n \nEach of the geographically distributed CDN server, known as edge nodes, then also shares the exact copy of the cache files and serve them to visitors based on their locations. \n \nGenerally, after a defined time or when manually purged, the CDN servers refresh the cache by retrieving a new updated copy of each web page from the origin server and store them for future requests. \n \n\n\n## How Does CPDoS Attack Work Against CDNs?\n\n \n\n\n[](<https://thehackernews.com/images/-CiTq1kRT9ns/XbAIQ6a450I/AAAAAAAA1eQ/sjDtMx7Fj-c6tUhqzrEnfFb0WZtm1sn6ACLcBGAsYHQ/s728-e100/cdn-cache-poisoning-denial-of-service.png>)\n\n \nDubbed** CPDoS**, short for Cache Poisoned Denial of Service, the attack resides in the way intermediate CDN servers are incorrectly configured to cache web resources or pages with error responses returned by the origin server. \n \nThe CPDoS attack threatens the availability of the web resources of a website just by sending a single HTTP request containing a malformed header, according to three German academics, Hoai Viet Nguyen, Luigi Lo Iacono, and Hannes Federrath. \n \n \n \n\"The problem arises when an attacker can generate an HTTP request for a cacheable resource where the request contains inaccurate fields that are ignored by the caching system but raise an error while processed by the origin server.\" \n \n\n\nHere's how the CPDoS attack works:\n\n \n\n\n * A remote attacker requests a web page of a target website by sending an HTTP request containing a malformed header.\n * If the intermediate CDN server doesn't have a copy of the requested resource, it will forward the request to the origin web server, which will get crash due to the malformed header.\n * As a consequence, the origin server then returns an error page, which eventually gets stored by the caching server instead of the requested resource.\n * Now, whenever legitimate visitors try to obtain the target resource, they will be served the cached error page instead of the original content.\n * The CDN server will also spread the same error page to other edge nodes of the CDN's network as well, rendering targeted resources of the victim's website unavailable.\n \n\"It is worth noting that one simple request is sufficient to replace the genuine content in the cache by an error page. This means that such a request remains below the detection threshold of web application firewalls (WAFs) and DDoS protection means, in particular, as they scan for large amounts of irregular network traffic.\" \n \n\"Moreover, CPDoS can be exploited to block, e.g., patches or firmware updates distributed via caches, preventing vulnerabilities in devices and software from being fixed. Attackers can also disable important security alerts or messages on mission-critical websites such as online banking or official governmental websites.\" \n \n\n\n## 3 Ways to Launch CPDoS Attacks\n\n \n\n\n \nTo carry out this cache poisoning attacks against CDNs, the malformed HTTP request can be of three types: \n \n\n\n * **HTTP Header Oversize (HHO) **\u2014 An HTTP request containing an oversized header that works in scenarios where a web application uses a cache that accepts a larger header size limit than the origin server.\n * **HTTP Meta Character (HMC)** \u2014 Instead of sending an oversized header, this attack tries to bypass a cache with a request header containing a harmful meta character, such as line break/carriage return (\\n), line feed (\\r) or bell (\\a).\n * **HTTP Method Override (HMO)** \u2014 Using HTTP override header to bypass the security policy that prohibits DELETE requests.\n \n\n\n## CDN Services Vulnerable to CPDoS Attacks\n\n \nResearchers carried out three attacks against different combinations of web caching systems and HTTP implementations and found that Amazon's CloudFront CDN is the most vulnerable to the CPDoS attack. \n \n \n \n\n\n> \"We analyze the caching behavior of error pages of fifteen web caching solutions and contrast them to the HTTP specifications. We identify one proxy cache product and five CDN services that are vulnerable to CPDoS.\"\n\n \nThe complete results of their tests are as follows: \n \n\n\n[](<https://thehackernews.com/images/-ufNni2Qc8yE/XbALeGaqEEI/AAAAAAAA1eo/0abswiNgaHgGio6XQ0AX0iP_4EaPOhC0wCLcBGAsYHQ/s728-e100/cdn-security.png>)\n\n \nTo be noted, sites running behind some of the listed CDN services are vulnerable because of their own misconfiguration that doesn't prevent caching servers from storing error pages, and due any weakness in the respective CDN service. \n \n\n\n> \"According to our experiments, CDN77 is RFC compliant and does not cache error pages that may not be cached according to the specification. We do agree that CDN77 is not causing our discovered CPDoS vulnerabilities,\" one of the researchers [confirmed](<https://twitter.com/Swati_THN/status/1187219416125071360>) The Hacker News on Twitter.\n\n \n\n\n> \"Websites using CDN77 may be vulnerable to CPDoS if the origin server is misconfigured or provides a way to provoke cacheable error pages. This is out of the control sphere of the caching service and lies in the responsibility of the service owner.\"\n\n \nThe team reported their findings to the affected HTTP implementation vendors and cache providers on February 19, 2019. Amazon Web Services (AWS) team confirmed the vulnerabilities on CloudFront and addressed the issue by prohibiting caching of error pages with the status code 400 Bad Request by default. \n \nMicrosoft also acknowledged the reported issues and published an update to mitigate this vulnerability, assigned as [CVE-2019-0941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0941>), in its [June 2019 monthly security](<https://thehackernews.com/2019/06/windows-june-updates.html>) updates. \n \nPlay Framework also confirmed the reported issues and patched their product against the CPDoS attack by limiting the impact of the X-HTTP-Method-Override header in Play Framework versions [1.5.3 and 1.4.6](<https://github.com/playframework/play1/issues/1300>). \n \nOther affected vendors, including Flask, were contacted multiple times, but researchers did not receive any response from them. \n \nFor more details on this new web cache poisoning attack and its variations, you can simply head on to the research paper [[PDF](<https://cpdos.org/paper/Your_Cache_Has_Fallen__Cache_Poisoned_Denial_of_Service_Attack__Preprint_.pdf>)] titled \"Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack.\"\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-23T08:22:00", "type": "thn", "title": "New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0941"], "modified": "2019-10-24T05:34:08", "id": "THN:DE75CD7956BAB116B16CC505A5BB0C47", "href": "https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "talosblog": [{"lastseen": "2019-06-15T08:23:19", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 88 vulnerabilities, 18 of which are rated \u201ccritical,\" 69 that are considered \"important\" and one \"moderate.\" This release also includes a critical advisory regarding security updates to Adobe Flash Player. \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Chakra scripting engine, the Jet database engine and Windows kernel. For more on our coverage of these bugs, check out the Snort blog post here, covering all of the new rules we have for this release. \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 19 critical vulnerabilities this month, 10 of which we will highlight below. \n \n[CVE-2019-0988](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0988>), [CVE-2019-0989,](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0989>) [CVE-2019-0991](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0991>), [CVE-2019-0992](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0992>), [CVE-2019-0993](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0993>), [CVE-2019-1002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1002>), [CVE-2019-1003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1003>) and [CVE-2019-1024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1024>) are all memory corruption vulnerabilities in the Chakra scripting engine. An attacker could exploit any of these bugs by tricking a user into visiting a specially crafted, malicious website while using the Microsoft Edge browser. If successful, the attacker could then corrupt memory in such a way that would allow them to take control of an affected system. \n \n[CVE-2019-0620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0620>) is a remote code execution vulnerability in Windows Hyper-V that exists when Hyper-V fails to properly validate input on a host server from an authenticated user using a guest operating system. An attacker could exploit this bug by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. \n[ \n](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0888>)[CVE-2019-0888](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0888>) is a remote code execution vulnerability that exists in the way ActiveX Data Obejcts handles object in memory. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious website. If successful, the attacker could then execute code in the context of the current user. \n \nThe other critical vulnerabilities are: \n\n\n[](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0709/>)\n * [](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0709/>)[CVE-2019-0709](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0709/>)\n * [CVE-2019-0722](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0722/>)\n * [CVE-2019-0985](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0985/>)\n * [CVE-2019-0990](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0990/>)\n * [CVE-2019-1038](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-1038/>)\n * [CVE-2019-1051](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-1051/>)\n * [CVE-2019-1052](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-1052/>)\n * [CVE-2019-1055](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-1055/>)\n\n### Important vulnerabilities\n\nThis release also contains 65 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-1065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1065>) is an elevation of privilege vulnerability that occurs when the Windows kernel improperly handles objects in memory. An attacker would first have to log onto the system in order to exploit this vulnerability, and then run a specially crafted application to take control of the system. They would then have the ability to run arbitrary code in kernel mode. \n \nThe other important vulnerabilities are: \n \n\n\n * [CVE-2019-0710](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0710>)\n * [CVE-2019-0711](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0711>)\n * [CVE-2019-0713](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0713>)\n * [CVE-2019-0904](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0904>)\n * [CVE-2019-0905](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0905>)\n * [CVE-2019-0906](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0906>)\n * [CVE-2019-0907](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0907>)\n * [CVE-2019-0908](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0908>)\n * [CVE-2019-0909](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0909>)\n * [CVE-2019-0941](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0941>)\n * [CVE-2019-0943](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0943>)\n * [CVE-2019-0959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0959>)\n * [CVE-2019-0960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0960>)\n * [CVE-2019-0968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0968>)\n * [CVE-2019-0972](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0972>)\n * [CVE-2019-0973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0973>)\n * [CVE-2019-0974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0974>)\n * [CVE-2019-0977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0977>)\n * [CVE-2019-0983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0983>)\n * [CVE-2019-0984](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0984>)\n * [CVE-2019-0986](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0986>)\n * [CVE-2019-0998](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0998>)\n * [CVE-2019-1005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1005>)\n * [CVE-2019-1007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1007>)\n * [CVE-2019-1009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1009>)\n * [CVE-2019-1010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1010>)\n * [CVE-2019-1011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1011>)\n * [CVE-2019-1012](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1012>)\n * [CVE-2019-1013](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1013>)\n * [CVE-2019-1014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1014>)\n * [CVE-2019-1015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1015>)\n * [CVE-2019-1016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1016>)\n * [CVE-2019-1017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1017>)\n * [CVE-2019-1018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1018>)\n * [CVE-2019-1019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019>)\n * [CVE-2019-1021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1021>)\n * [CVE-2019-1022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1022>)\n * [CVE-2019-1023](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1023>)\n * [CVE-2019-1025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1025>)\n * [CVE-2019-1026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1026>)\n * [CVE-2019-1027](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1027>)\n * [CVE-2019-1028](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1028>)\n * [CVE-2019-1029](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1029>)\n * [CVE-2019-1031](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031>)\n * [CVE-2019-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1032>)\n * [CVE-2019-1033](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033>)\n * [CVE-2019-1034](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034>)\n * [CVE-2019-1035](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1035>)\n * [CVE-2019-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036>)\n * [CVE-2019-1039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1039>)\n * [CVE-2019-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040>)\n * [CVE-2019-1041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1041>)\n * [CVE-2019-1043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1043>)\n * [CVE-2019-1044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1044>)\n * [CVE-2019-1045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1045>)\n * [CVE-2019-1046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1046>)\n * [CVE-2019-1047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1047>)\n * [CVE-2019-1048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1048>)\n * [CVE-2019-1049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1049>)\n * [CVE-2019-1050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1050>)\n * [CVE-2019-1053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1053>)\n * [CVE-2019-1054](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1054>)\n * [CVE-2019-1064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064>)\n * [CVE-2019-1069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069>)\n \n\n\n### Moderate vulnerability\n\nThere is one moderate vulnerability, [CVE-2019-0948](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0948>), which is an information disclosure vulnerability in Windows Event Manager. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: 44813-44814, 48051-48052, 49762-49765, 50162-50163, 50183-50184, 50198-50199, 50357-50376, 50393-50408, 50411-50414\n\n", "cvss3": {}, "published": "2019-06-11T11:42:30", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 June 2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0710", "CVE-2019-0711", "CVE-2019-0713", "CVE-2019-0722", "CVE-2019-0888", "CVE-2019-0904", "CVE-2019-0905", "CVE-2019-0906", "CVE-2019-0907", "CVE-2019-0908", "CVE-2019-0909", "CVE-2019-0941", "CVE-2019-0943", "CVE-2019-0948", "CVE-2019-0959", "CVE-2019-0960", "CVE-2019-0968", "CVE-2019-0972", "CVE-2019-0973", "CVE-2019-0974", "CVE-2019-0977", "CVE-2019-0983", "CVE-2019-0984", "CVE-2019-0985", "CVE-2019-0986", "CVE-2019-0988", "CVE-2019-0989", "CVE-2019-0990", "CVE-2019-0991", "CVE-2019-0992", "CVE-2019-0993", "CVE-2019-0998", "CVE-2019-1002", "CVE-2019-1003", "CVE-2019-1005", "CVE-2019-1007", "CVE-2019-1009", "CVE-2019-1010", "CVE-2019-1011", "CVE-2019-1012", "CVE-2019-1013", "CVE-2019-1014", "CVE-2019-1015", "CVE-2019-1016", "CVE-2019-1017", "CVE-2019-1018", "CVE-2019-1019", "CVE-2019-1021", "CVE-2019-1022", "CVE-2019-1023", "CVE-2019-1024", "CVE-2019-1025", "CVE-2019-1026", "CVE-2019-1027", "CVE-2019-1028", "CVE-2019-1029", "CVE-2019-1031", "CVE-2019-1032", "CVE-2019-1033", "CVE-2019-1034", "CVE-2019-1035", "CVE-2019-1036", "CVE-2019-1038", "CVE-2019-1039", "CVE-2019-1040", "CVE-2019-1041", "CVE-2019-1043", "CVE-2019-1044", "CVE-2019-1045", "CVE-2019-1046", "CVE-2019-1047", "CVE-2019-1048", "CVE-2019-1049", "CVE-2019-1050", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1053", "CVE-2019-1054", "CVE-2019-1055", "CVE-2019-1064", "CVE-2019-1065", "CVE-2019-1069"], "modified": "2019-06-11T11:42:30", "id": "TALOSBLOG:A2A267E7C20665C55127A15BC5B9F7BD", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/mq1Y7axZhN0/microsoft-patch-tuesday-june-2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-05-17T02:04:53", "description": "UPDATE\n\nTwo Microsoft vulnerabilities, [CVE-2019-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040>) and [CVE-2019-1019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019>), would allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS.\n\nAccording to researchers at Preempt, who discovered the flaws, the two CVEs consist of three logical flaws in NTLM, the company\u2019s proprietary authentication protocol. A successful exploit would allow an attacker to read all users\u2019 emails; authenticate to any cloud resource that is controlled by ADFS; remotely execute code on any machine the victim has privileges on; and modify various network configuration to create backdoors.\n\n\u201cNTLM is susceptible to relay attacks, which allows actors to capture an authentication and relay it to another server, granting them the ability to perform operations on the remote server using the authenticated user\u2019s privileges,\u201d they explained in a write-up released Tuesday and shared with Threatpost ahead of publication. \u201cNTLM Relay is one of the most common attack techniques used in Active Directory environments, where the attacker compromises one machine, then moves laterally to other machines by using NTLM authentication directed at the compromised server.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nWhile Microsoft has previously developed several mitigations for preventing NTLM relay attacks, Preempt researchers discovered bugs in those mitigations that can be exploited by attackers.\n\nAll Windows versions are vulnerable, and the attack surface is vast.\n\n\u201cIt\u2019s probably all networks that have an Active Directory, and this is the vast majority of networks in the world,\u201d Preempt researcher Yaron Ziner told Threatpost. \u201cWe don\u2019t have official statistics, but this is definitely more than 90 percent of networks. The most notable fact in our opinion is the fact that we managed to breach all NTLM mitigations and any NTLM usage can result in network compromise.\u201d\n\nEven though NTLM relay is an old attack technique, enterprises cannot completely eliminate the use of the protocol as it will break many applications, Preempt researchers said. However, Microsoft has issued patches for the two bugs as part of its June Patch Tuesday Update. Full protection, however, will also require configuration changes.\n\n\u201cThe patch Microsoft will issue will not be enough to stop the described attacks,\u201d Ziner said. \u201cSecure configuration is needed to be fully protected, and usage of old protocol versions is still exploitable. You need to monitor traffic carefully and analyze network configuration to be 100 percent protected.\n\nCVE-2019-1040 has a base CVSS v3.0 score of 5.3, making it a medium-severity bug; the other, CVE-2019-1019, has a base score of 8.5, ranking it as high-severity. Microsoft ranks both as \u201cimportant.\u201d Researchers at Preempt said they considered the bugs to be critical, however.\n\n\u201cWe do not know always know how Microsoft will score a vulnerability,\u201d Ziner said. \u201cMicrosoft might downplay the impact of these issues, but as experts in network security and NTLM, we believe they are critical. We stand by our assessment [that the bugs are critical] and cannot think of any network in the world that will not be compromised using these vulnerabilities.\u201d\n\n## The Flaws\n\nThree logical flaws are at the heart of the vulnerabilities.\n\nThe first has to do with the Message Integrity Code (MIC) field, which ensures that attackers do not tamper NTLM messages. According Preempt\u2019s [write-up](<https://blog.preempt.com/drop-the-mic>) on the flaw, the bypass allows attackers to remove the \u2018MIC\u2019 protection and modify various fields in the NTLM authentication flow, such as signing negotiation.\n\nThe second weakness is in the SMB Session Signing, which prevents attackers from relaying NTLM authentication messages to establish SMB and DCE/RPC sessions. This bypass, according [to the analysis](<https://blog.preempt.com/your-session-key-is-my-session-key>), enables attackers to relay NTLM authentication requests to any server in the domain, including domain controllers, while establishing a signed session to perform remote code execution. If the relayed authentication is of a privileged user, this means full domain compromise.\n\nAnd finally, Enhanced Protection for Authentication (EPA) prevents attackers from relaying NTLM messages to TLS sessions has a flaw. The bypass here, [as described](<https://blog.preempt.com/how-to-easily-bypass-epa>), allows attackers to modify NTLM messages to generate legitimate channel binding information. This allows attackers to connect to various web servers using the attacked user\u2019s privileges and perform operations such as reading the user\u2019s emails (by relaying to OWA servers) or even connecting to cloud resources (by relaying to ADFS servers).\n\nIn terms of how an attacker would use an exploit for the bugs in real life, Ziner told Threatpost that \u201ca user that connects to a compromised server (in many cases, this can be triggered by an attacker, e.g, by a phishing email), credentials will be stolen with a 100 percent probability by an attacker.\u201d\n\nFor a successful exploit, \u201can attacker would mainly need some way to intercept NTLM sessions (there are several known techniques to accomplish this),\u201d he added. \u201cExploitation is difficult in the sense that only a technology expert could code an exploit. However, once open-source exploits would be available, it would be very easy to exploit.\u201d\n\nAfter patching, the network administrators should make the recommended configuration changes, researchers said: These include turning on SMB Signing on all machines in the network; completely blocking the outdated version of the protocol, NTLMv1; enforcing LDAP signing and LDAPS channel binding on domain controllers; hardening all web servers (OWA, ADFS) to accept only requests with EPA; and removing NTLM where it is not needed.\n\n_This story was updated at 3:27 p.m. on June 11 to reflect revised severity ratings, after Microsoft issued its patches. And, updated at 9 a.m. on June 12 to include a comment from Preempt on why the firm considers the bugs to be \u201ccritical.\u201d_\n\n**_Ransomware is on the rise: _**[**_Don\u2019t miss our free Threatpost webinar _**](<https://attendee.gotowebinar.com/register/611039692762707715?source=enews>)**_on the ransomware threat landscape, June 19 at 2 p.m. ET. _****_Join _****_Threatpost _****_and a panel of experts as they discuss_****_ how to manage the risk associated with this unique attack type,_** **_with exclusive insights into new developments on the ransomware front and how to stay ahead of the attackers._**\n", "cvss3": {}, "published": "2019-06-11T16:00:39", "type": "threatpost", "title": "Near-Ubiquitous Microsoft RCE Bugs Affect All Versions of Windows", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-1019", "CVE-2019-1040"], "modified": "2019-06-11T16:00:39", "id": "THREATPOST:32543D9C50E016B8E5F07112935E35F8", "href": "https://threatpost.com/critical-microsoft-rce-bugs-windows/145572/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-04-11T11:45:21", "description": "Microsoft patched four Windows operating system bugs \u2013 all of which are already publicly known or have proof of concept exploits \u2013 as part of its June Patch Tuesday security bulletin. Each of the vulnerabilities are rated important and there are no reports of public exploitation for the flaws.\n\nThe four bugs are part of a total of 88 vulnerabilities that were patched by Microsoft this month, 21 of which are rated critical, 66 rated important and one moderate.\n\nRaising the most concern among security experts are the four bugs that are publicly known. One of those bugs ([CVE-2019-1069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069>)) is a Windows Task Scheduler vulnerability affecting Windows 10, Server 2016 and later, according to Microsoft. The flaw, Microsoft reported, could allow Elevation of Privilege on the affected system. \n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cPublic disclosure is an indicator of increased risk,\u201d wrote Chris Goettl, director of product management, security at Ivanti in a written analysis. \u201cThis means attackers have had early access to engineer an exploit to take advantage of these vulnerabilities.\u201d\n\nGoettl warned all four of the previously known bugs (CVE-2019-1069, [CVE-2019-1064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064>), [CVE-2019-1053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1053>) and [CVE-2019-0973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0973>)) should be a patching priority for system administrators.\n\nAnother bug CVE-2019-1064 is a vulnerability in Windows, which could allow Elevation of Privilege on the affected system. Affected is Windows 10, Server 2016 and later.\n\nThe third bug (CVE-2019-1053) is a Windows Shell vulnerability that could also create Elevation of Privilege conditions on the affected system by escaping a sandbox, according to Microsoft. The flaw affects all currently supported Windows operating systems. The last of the four publicly known bugs (CVE-2019-0973) is a vulnerability in Windows Installer that could also allow Elevation of Privilege on the affected system due to improper sanitization of input from loaded libraries.\n\n## Hyper-V and Office Vulnerabilities\n\nSecurity researchers are also flagging three hypervisor escape bugs in Hyper-V. Three remote code execution vulnerabilities ([CVE-2019-0620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0620>), [CVE-2019-0709](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0709>), and [CVE-2019-0722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0722>)) are patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system, noted Jimmy Graham, a director at Qualys [in his Patch Tuesday commentary](<https://blog.qualys.com/laws-of-vulnerabilities/2019/06/11/june-2019-patch-tuesday-88-vulns-21-critical-hyper-v-escape-adobe-vulns>). \u201cMicrosoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for Hyper-V systems.\u201d\n\nPatches for two potentially serious remote code execution vulnerabilities in Microsoft Word ([CVE-2019-1034](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1034>) and [CVE-2019-1035](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1035>)) are also worth prioritizing, according to commentary from Allan Liska, threat intelligence analyst at Recorded Future. This vulnerability affects all versions of Microsoft Word on Windows and Mac as well as Office 365, according to Microsoft.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/bug-fix.jpg>)\u201cGiven that Microsoft Word Documents are a favorite exploitation tool of cybercriminals, if this vulnerability is reverse engineered it could be widely exploited,\u201d he said.\n\nLiska said both are memory corruption vulnerabilities that require an attacker to send a specially crafted Microsoft Word document for a victim to open. He said that alternatively, an attacker could convince a victim to click on a link to website hosting a malicious Microsoft Word document.\n\nAlso affecting Office are three cross-site scripting vulnerabilities in SharePoint ([CVE-2019-1031](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031>), [CVE-2019-1033](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033>) and [CVE-2019-1036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036>)). \u201c[The] vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server,\u201d Microsoft wrote of each of the CVEs. A successful exploit of either of the bugs allows an adversary to read unauthorized content, use the victim\u2019s identity to further access a SharePoint site and change permissions, delete content or place malicious context of the user\u2019s browser.\n\n## NTLM Relay Attack Bug\n\nTwo moderate vulnerabilities [CVE-2019-1040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040>) and [CVE-2019-1019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019>) were patched by Microsoft that allowed attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS.\n\nAccording to researchers at Preempt, [who discovered the flaws](<https://threatpost.com/critical-microsoft-rce-bugs-windows/145572/>), the two CVEs consist of three logical flaws in NTLM, the company\u2019s proprietary authentication protocol.\n\nAside from the 88 bugs patched, Microsoft released a number of advisories. Here they are as reported by Qualys:\n\n * [ADV190016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190016>) Disables the ability to use certain Bluetooth Low Energy FIDO security keys, due to a [vulnerability](<https://nvd.nist.gov/vuln/detail/CVE-2019-2102>) that was disclosed in May. [Google](<https://security.googleblog.com/2019/05/titan-keys-update.html>) and [Feitian](<https://www.ftsafe.com/replacement/>) have issued advisories for customers of these keys.\n * [ADV190017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190017>) fixes several vulnerabilities in HoloLens that could allow an unauthenticated attacker to DoS or compromise HoloLens devices if they are in close proximity.\n * [ADV190018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190018>) refers to a \u201cMicrosoft Exchange Server Defense in Depth Update,\u201d but there are no details provided around the update as of the time of this writing.\n\n**_Ransomware is on the rise: _**[**_Don\u2019t miss our free Threatpost webinar _**](<https://attendee.gotowebinar.com/register/611039692762707715?source=enews>)**_on the ransomware threat landscape, June 19 at 2 p.m. ET. _****_Join _****_Threatpost _****_and a panel of experts as they discuss_****_ how to manage the risk associated with this unique attack type,_** **_with exclusive insights into new developments on the ransomware front and how to stay ahead of the attackers._**\n", "cvss3": {}, "published": "2019-06-11T20:29:45", "type": "threatpost", "title": "Microsoft Patches Four Publicly-Known Vulnerabilities", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722", "CVE-2019-0973", "CVE-2019-1019", "CVE-2019-1031", "CVE-2019-1033", "CVE-2019-1034", "CVE-2019-1035", "CVE-2019-1036", "CVE-2019-1040", "CVE-2019-1053", "CVE-2019-1064", "CVE-2019-1069", "CVE-2019-2102"], "modified": "2019-06-11T20:29:45", "id": "THREATPOST:040A4A9D0367AA2E807A97FB83D00240", "href": "https://threatpost.com/microsoft-patches-four-publicly-known-vulnerabilities/145594/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-12T21:53:50", "description": "A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.\n\nThe bugs are grouped under one umbrella (CVE-2019-0948) and are found in the Microsoft Management Console (MMC), according to Check Point researchers Eran Vaknin and Alon Boxiner,\n\n\u201cThe goal of MMC is to provide a programming platform for creating and hosting applications that manage Microsoft Windows-based environments, and to provide a simple, consistent and integrated management user interface and administration model,\u201d they explained [in a breakdown](<https://research.checkpoint.com/microsoft-management-console-mmc-vulnerabilities>) of the vulnerabilities, given to clients last week but just made public on Monday. As such, a compromised PC would offer access to a range of privileged functions and access.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe issues include multiple cross-site scripting (XSS) bugs and XML external entity (XXE) problems. One set of flaws includes multiple XSS vulnerabilities that exist in WebView.\n\nAttackers can exploit the bugs by abusing the \u201csnap-in\u201d mechanism in MMC, the researchers said. [MMC snap-ins](<https://www.itprotoday.com/windows-78/microsoft-management-console-snap-ins>) are the actual management tools available for the platform. The console \u2014 sometimes referred to as a \u201ctools host\u201d \u2014 is simply a framework into which the snap-ins are added. Snap-ins include ActiveX Control, Link to Web Address and so on.\n\nTo exploit the vulnerability, an attacker would create a snap-in file (with the .msc file extension) containing specially crafted XML content, and then convince an authenticated user to import the file using any number of social-engineering techniques.\n\nThe researchers explained that if an attacker creates a file with the Link to Web Address snap-in, he can insert a URL link to his own server within it, thus directing victims to an HTML page with a malicious payload.\n\n\u201cAs the victim opens the malicious .msc file, a WebView is opened (within the MMC window) and the malicious payload is executed,\u201d the researchers explained. \u201cWe have successfully managed to insert a malicious URL link that contains malicious payloads, such as redirection to SMB server that will capture the user NTLM hash. Moreover, it is also possible to execute VBS script on the victims\u2019 host via the mentioned WebView.\u201d\n\nSimilarly, an attacker can choose to create a file with the ActiveX Control snap-in (all ActiveX controls are vulnerable, the researchers said) and save it as an .msc file. \u201cIn the .msc file, under the StringsTables section, the attacker changes the third string value to a malicious URL under his control, containing an HTML page with a malicious payload,\u201d the two explained.\n\nAlso included in the CVE is an XXE vulnerability due to a faulty XML parser.\n\n\u201cA victim opens the MMC and chooses the event viewer snap-in and clicks on \u2018Action\u2019 \u2013 and then on \u2018Import Custom View,'\u201d the researchers said. \u201cAs soon as a malicious XML file is chosen (containing an XXE payload) any file from the victim\u2019s host is sent to the attacker.\u201d\n\nMicrosoft, [in its advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0948>), described it tersely as a moderate-severity information-disclosure bug.\n\n\u201cAn information-disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity,\u201d it said. \u201cAn attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.\u201d\n\nMicrosoft patched the issues in its [June Patch Tuesday update](<https://threatpost.com/microsoft-patches-four-publicly-known-vulnerabilities/145594/>).\n\nHowever, Vaknin and Boxiner said that the bugs could allow a more serious attack than just information disclosure.\n\nThe researchers told Threatpost, \u201cThe most notable aspect is that MMC files are being used\u2026by IT administrators, anti-virus does not categorize those files as malicious and it is possible to take control over the victim PC by exploiting the vulnerabilities.\u201d That PC would have admin status, allowing adversaries to penetrate further into the network.\n\nWindows 7, Windows 8.1, Windows 10, and Windows Server 2008 to Windows Server 2019 are vulnerable and should be updated, they added. So far, there is no evidence of exploitation.\n\n**_Ransomware is on the rise: _**[**_Don\u2019t miss our free Threatpost webinar _**](<https://attendee.gotowebinar.com/register/611039692762707715?source=ART>)**_on the ransomware threat landscape, June 19 at 2 p.m. ET. _****_Join _****_Threatpost _****_and a panel of experts from Malwarebytes, Recorded Future and Moss Adams as they discuss_****_ how to manage the risk associated with this unique attack type,_** **_with exclusive insights into new developments on the ransomware front and how to stay ahead of the attackers._**\n", "cvss3": {}, "published": "2019-06-18T15:01:07", "type": "threatpost", "title": "Microsoft Management Console Bugs Allow Windows Takeover", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-0948"], "modified": "2019-06-18T15:01:07", "id": "THREATPOST:93C6C6F1F74B11C3D7F109589684DAED", "href": "https://threatpost.com/microsoft-management-console-bugs/145791/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "qualysblog": [{"lastseen": "2019-06-15T08:21:08", "description": "This month's Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microsoft also issued guidance on Bluetooth Low Energy FIDO keys, HoloLens, and Microsoft Exchange. Adobe issues patches today for Flash, ColdFusion, and Campaign.\n\n### Workstation Patches\n\nScripting Engine and Browser patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.\n\n### Hyper-V Hypervisor Escape\n\nThree remote code execution vulnerabilities ([CVE-2019-0620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0620>), [CVE-2019-0709](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0709>), and [CVE-2019-0722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0722>)) are patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for Hyper-V systems.\n\n### Microsoft Speech API RCE\n\nA remote code execution vulnerability ([CVE-2019-0985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0985>)) exists in the Microsoft Speech API. This impacts Windows 7 and Server 2008 R2, and requires a user to open a malicious document in order to exploit.\n\n### Advisories\n\nMicrosoft also issued several advisories:\n\n * [ADV190016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190016>) Disables the ability to use certain Bluetooth Low Energy FIDO security keys, due to a [vulnerability](<https://nvd.nist.gov/vuln/detail/CVE-2019-2102>) that was disclosed in May. [Google](<https://security.googleblog.com/2019/05/titan-keys-update.html>) and [Feitian](<https://www.ftsafe.com/replacement/>) have issued advisories for customers of these keys.\n * [ADV190017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190017>) fixes several vulnerabilities in HoloLens that could allow an unauthenticated attacker to DoS or compromise HoloLens devices if they are in close proximity.\n * [ADV190018](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190018>) refers to a \"Microsoft Exchange Server Defense in Depth Update,\" but there are no details provided around the update as of the time of this writing.\n\n### Adobe Patch Tuesday\n\nAdobe released updates today for Flash, ColdFusion, and Campaign. The [Flash update](<https://helpx.adobe.com/security/products/flash-player/apsb19-30.html>) fixes one critical CVE, and should be prioritized for workstations that have Flash installed. The [ColdFusion updates](<https://helpx.adobe.com/security/products/coldfusion/apsb19-27.html>) address three vulnerabilities of various types, all labeled as Critical. Anyone running a ColdFusion server should test and patch as soon as possible. The [Adobe Campaign patch](<https://helpx.adobe.com/security/products/campaign/apsb19-28.html>) addresses 7 different vulnerabilities, with one labeled as Critical.", "cvss3": {}, "published": "2019-06-11T18:18:29", "type": "qualysblog", "title": "June 2019 Patch Tuesday \u2013 88 Vulns, 21 Critical, Hyper-V Escape, Adobe Vulns", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0620", "CVE-2019-0709", "CVE-2019-0722", "CVE-2019-0985", "CVE-2019-2102"], "modified": "2019-06-11T18:18:29", "id": "QUALYSBLOG:548A2D8484377A20A276BF58474488F7", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2019/06/11/june-2019-patch-tuesday-88-vulns-21-critical-hyper-v-escape-adobe-vulns", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.\n\nTo exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.\n\nThe update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Event Viewer Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0948"], "modified": "2020-03-10T07:00:00", "id": "MS:CVE-2019-0948", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0948", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\n\nThe security update addresses the vulnerability by ensuring the Windows NFS properly handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Network File System Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1045"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1045", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1045", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how comctl32.dll handles objects in memory.\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Comctl32 Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1043"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1043", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1043", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.\n\nThe security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Microsoft Browser Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1038"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1038", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1038", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.\n\nTo exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.\n\nThe security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Hyper-V Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.5, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0713"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0713", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0713", "cvss": {"score": 5.5, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how Win32k handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1014"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1014", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1014", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0974"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0974", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0974", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0905"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0905", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0905", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.\n\nAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.\n\nThe security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.4, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Hyper-V Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0620"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0620", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0620", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0904"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0904", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1039"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1039", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1039", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.\n\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Local Security Authority Subsystem Service Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0972"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0972", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0972", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.\n\nTo exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature.\n\nThe update addresses the vulnerability by hardening NTLM MIC protection on the server-side.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows NTLM Tampering Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1040"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1040", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.\n\nTo exploit this vulnerability, an attacker would require unprivileged execution on the victim system.\n\nThe security update addresses the vulnerability by correctly validating folder shortcuts.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Shell Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1053"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1053", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1053", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0984"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0984", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0984", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0906"], "modified": "2019-07-01T07:00:00", "id": "MS:CVE-2019-0906", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0906", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.\n\nAn attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.\n\nThe security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Hyper-V Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0722"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0722", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0722", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\nAn attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.\n\nThe update addresses the vulnerability by correcting how Windows handles calls to ALPC.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows ALPC Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0943"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0943", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0943", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1046"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1046", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1046", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.\n\nA locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Installer Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0973"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0973", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0973", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.\n\nThe update addresses the vulnerability by correcting how Windows handles objects in memory.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1025"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1025", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1025", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1055"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1055", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1055", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nThe security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Microsoft Browser Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1081"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1081", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1081", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0907"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0907", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0907", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1050"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1050", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1050", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0908"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0908", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0908", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.\n\nTo exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges.\n\nThe issue has been addressed by changing how NTLM validates network authentication messages.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Microsoft Windows Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1019"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-1019", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1019", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:35:21", "description": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing.\n\nThe security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Windows User Profile Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0986"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2019-0986", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0986", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-03-17T02:35:21", "description": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\n\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\n\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-06-11T07:00:00", "type": "mscve", "title": "Jet Database Engine Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {&q