Vulnerabilities of Windows operating systems, related to authentication deficiencies, allow attackers to escalate their privileges.
The vulnerability of Windows operating systems is related to authentication deficiencies. Exploiting this vulnerability can allow attackers to escalate their privileges by running a specially crafted application...
CVE-2019-1322
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340...
September 10, 2019—KB4515384 (OS Build 18362.356)
September 10, 2019—KB4515384 OS Build 18362.356 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Note This release also contains updates for Microsoft HoloLens OS Build 18362.1031 released September 10, 2019. Microsoft will release an upda...
September 10, 2019—KB4516070 (OS Build 10240.18333)
September 10, 2019—KB4516070 OS Build 10240.18333 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer, Microsoft Office,...
September 10, 2019—KB4516051 (Security-only update)
September 10, 2019—KB4516051 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-B...
June 11, 2019—KB4503293 (OS Build 18362.175)
June 11, 2019—KB4503293 OS Build 18362.175 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Notes: This release also contains updates for Microsoft HoloLens OS Build 18362.1020 released June 11, 2019. Microsoft will release an update...
NTLM type-2 out-of-bounds buffer read
libcurl contains a heap buffer out-of-bounds read flaw. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server...
Microsoft Windows Multiple Vulnerabilities (KB4480963)
This host is missing an important security update according to Microsoft KB4480963 SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
January 8, 2019—KB4480973 (OS Build 15063.1563)
January 8, 2019—KB4480973 OS Build 15063.1563 Windows 10, version 1703, reached end of service on October 8, 2018. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest...
December 11, 2018—KB4471324 (OS Build 17134.471)
December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...
August 9, 2016 — KB3176495 (OS Build 14393.51)
August 9, 2016 — KB3176495 OS Build 14393.51 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11. Addressed issue to keep pen click settings after...
May 17, 2018—KB4103722 (OS Build 15063.1112)
May 17, 2018—KB4103722 OS Build 15063.1112 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Addresses an issue that causes...
Session fixation
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record EMR system, where ISCV is in KIOSK mo...
CVE-2018-5438
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record EMR system, where ISCV is in KIOSK mo...
CVE-2018-5438
The CVE-2018-5438 vulnerability affects Philips IntelliSpace Cardiovascular System (ISCV) prior to version 2.3.0. The issue is an insufficient session expiration that can allow reuse of a previously authenticated session when ISCV is used with an EMR in kiosk mode across multiple users using Wind...
February 13, 2018—KB4074588 (OS Build 16299.248)
February 13, 2018—KB4074588 OS Build 16299.248 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where child accounts are able to access InPrivate mode on ARM devices even...
The vulnerability of the OpenVPN package arises from the improper handling of client connections to HTTP proxies, allowing a hacker to execute arbitrary code.
The vulnerability of the OpenVPN package exists due to improper handling of client connections to HTTP proxies with NTLMv authentication. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
NTLM buffer overflow via integer overflow
libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the username + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap. The SUM value is subsequently...
The vulnerability of the Windows operating system’s network authentication protocol, NT LAN Manager (NTLM), allows a hacker to access user password hashes.
The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM exists due to the incorrect implementation of the NTLM authentication algorithm. Exploiting this vulnerability allows a malicious actor to obtain access to user password hashes through a specially crafted SCF...