{"id": "SMNTC-107266", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows CVE-2019-0754 Local Denial of Service Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-03-12T00:00:00", "modified": "2019-03-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107266", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2019-0754"], "lastseen": "2019-03-12T23:49:54", "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-0754"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0754"]}, {"type": "threatpost", "idList": ["THREATPOST:0C6C1B17AFD30FEDE0604F98C6C93413"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_MAR_4489882.NASL", "SMB_NT_MS19_MAR_4489891.NASL", "SMB_NT_MS19_MAR_4489871.NASL", "SMB_NT_MS19_MAR_4489881.NASL", "SMB_NT_MS19_MAR_4489872.NASL", "SMB_NT_MS19_MAR_4489878.NASL", "SMB_NT_MS19_MAR_4489899.NASL", "SMB_NT_MS19_MAR_4489886.NASL", "SMB_NT_MS19_MAR_4489868.NASL", "SMB_NT_MS19_MAR_4489880.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814692", "OPENVAS:1361412562310814695", "OPENVAS:1361412562310814696", "OPENVAS:1361412562310814937", "OPENVAS:1361412562310814936", "OPENVAS:1361412562310814697", "OPENVAS:1361412562310814693", "OPENVAS:1361412562310814694"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D9C5C0AB436B4386A2A294DC24E5D966"]}], "modified": "2019-03-12T23:49:54", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2019-03-12T23:49:54", "rev": 2}, "vulnersScore": 3.8}, "affectedSoftware": [{"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for x64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012 R2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for x64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2016 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for 32-bit Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1803 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for x64-based Systems SP1 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for 32-bit Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for x64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for x64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for ARM64-based Systems "}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for 32-bit Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for 32-bit Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for 32-bit Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1709 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1709 for ARM64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for 32-bit Systems SP1 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for ARM64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2019 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for x64-based Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for x64-based Systems SP1 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for x64-based Systems "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for Itanium-based Systems SP2 "}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for 32-bit Systems "}, {"name": "Microsoft Windows RT", "operator": "eq", "version": "8.1 "}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for Itanium-based Systems SP1 "}]}

{"cve": [{"lastseen": "2020-10-03T13:38:36", "description": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-09T00:29:00", "title": "CVE-2019-0754", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0754"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-"], "id": "CVE-2019-0754", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0754", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2020-11-13T00:29:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-0754"], "description": "A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.\n\nThe update addresses the vulnerability by correcting how Windows handles objects in memory.\n", "edition": 3, "modified": "2019-03-12T07:00:00", "id": "MS:CVE-2019-0754", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0754", "published": "2019-03-12T07:00:00", "title": "Windows Denial of Service Vulnerability", "type": "mscve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "threatpost": [{"lastseen": "2020-02-15T11:44:46", "bulletinFamily": "info", "cvelist": ["CVE-2019-0592", "CVE-2019-0683", "CVE-2019-0697", "CVE-2019-0698", "CVE-2019-0726", "CVE-2019-0754", "CVE-2019-0757", "CVE-2019-0797", "CVE-2019-0808", "CVE-2019-0809", "CVE-2019-5786"], "description": "Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way Windows handles objects in memory.\n\n\u201cAn attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,\u201d wrote Microsoft in its security bulletin for both Win32k bugs ([CVE-2019-0797](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797>), [CVE-2019-0808](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808>)).\n\nOne of the bugs being actively exploited was reported by Kaspersky Lab, while the other was reported by the Google Threat Analysis Group. News broke last week that two vulnerabilities \u2013 CVE-2019-0808 and a separate Google Chrome [CVE-2019-5786](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786>) \u2013 were being actively exploited in the wild together. Now all three zero-days have been patched.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe four additional bugs, rated important, which are publicly known exploits ([CVE-2019-0683](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0683>), [CVE-2019-0754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0754>), [CVE-2019-0757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757>) and [CVE-2019-0809](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809>)), ranged from an Active Directory elevation of privilege vulnerability to a Windows denial of service vulnerability.\n\nThe most interesting of the above bugs is CVE-2019-0757 \u2013 a NuGet package manager tampering vulnerability. According to commentary by researchers at the Zero Day Initiative, the patch corrects a bug in the NuGet package manager that allows an attacker to modify a package\u2019s folder structure.\n\n\u201cIf successful, [an adversary] could modify files and folders that are unpackaged on a system,\u201d ZDI wrote. \u201cIf done silently, an attacker could potentially propagate their modified package to many unsuspecting users of the package manager. Fortunately, this requires authentication, which greatly reduces the chances of this occurring. This is one of the four publicly known bugs for this month, so if you\u2019re a NuGet user, definitely get this patch.\u201d\n\n## 17 Critical Bugs, Slayed\n\nIn all, Microsoft reported 64 unique bugs, 17 critical, 45 rated important, one moderate and one rated low in severity.\n\n\u201cThere are three Windows DHCP Client Remote Code Execution vulnerabilities with a 9.8 CVSS score in this month\u2019s release,\u201d wrote Satnam Narang, senior research engineer at Tenable in security brief. \u201cThis is the third straight month that Microsoft patched high severity bugs in either Windows DHCP Client or Windows DHCP Server, signaling increased attention on finding DHCP bugs.\u201d\n\nThose DHCP bugs ([CVE-2019-0697](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0697>), [CVE-2019-0698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0698>), [CVE-2019-0726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0726>)) could allow attackers to execute their code in the DHCP client on affected systems.\n\n\u201cThese bugs are particularly impactful since they require no user interaction \u2013 an attacker send a specially crafted response to a client \u2013 and every OS has a DHCP client,\u201d wrote [Dustin Childs in a blog post on the ZDI](<https://www.zerodayinitiative.com/blog/2019/3/12/the-march-2019-security-update-review>). \u201cThere would likely need to be a man-in-the-middle component to properly execute an attack, but a successful exploit would have wide-ranging consequences.\u201d\n\n## Battling Bad Scripting\n\nThis month\u2019s critical and important bug fixes were dominated by code execution flaws impacting Microsoft\u2019s Edge and Internet Explorer browsers. A Chakra scripting engine memory corruption vulnerability ([CVE-2019-0592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592>)) patched by Microsoft is typical.\n\nThe flaw (CVE-2019-0592) is tied to the way the Chakra JavaScript scripting engine handles objects in memory in Microsoft Edge. \u201cAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system,\u201d Microsoft wrote. The attack scenario includes a booby-trapped website where specially crafted content triggers the attack chain.\n\nOn Tuesday, Microsoft also include three advisories. Here they are verbatim:\n\n * [ADV190009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190009>) announces SHA-2 Code Sign support for Windows 7 SP1 and Windows Server 2008 R2. This update will be [required](<https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus>) for any new patches released after July 2019. Older versions of WSUS should also be updated to distribute the new SHA-2 signed patches.\n * [ADV190005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190005>) gives guidance on sharing the same user account across multiple users. Microsoft discourages this behavior and considers it a major security risk.\n * [ADV190005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190005>) provides mitigations for a potential denial-of-service in http.sys when receiving HTTP/2 requests. The patch allows users to set a limit on how many SETTINGS parameters can be sent in a single request.\n\n**_Don\u2019t miss our free live _****_[Threatpost webinar](<https://attendee.gotowebinar.com/register/6499105876772027139?source=ART>)_****_, \u201cExploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub,\u201d on Wed., Mar 20, at 2:00 p.m. ET._**\n\n**_Vulnerability experts Michiel Prins, co-founder of webinar sponsor HackerOne, and Greg Ose, GitHub\u2019s application security engineering manager, will join Threatpost editor Tom Spring to discuss what vulnerability types are most common in today\u2019s software, and what kind of impact they would have on organizations if exploited._**\n", "modified": "2019-03-12T21:52:31", "published": "2019-03-12T21:52:31", "id": "THREATPOST:0C6C1B17AFD30FEDE0604F98C6C93413", "href": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/", "type": "threatpost", "title": "Microsoft Patches Two Win32k Bugs Under Active Attack", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:02:32", "bulletinFamily": "info", "cvelist": ["CVE-2019-0683", "CVE-2019-0690", "CVE-2019-0746", "CVE-2019-0808", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0702", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "description": "### *Detect date*:\n03/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 \nChakraCore \nInternet Explorer 11 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2 \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0754>) \n[CVE-2019-0617](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0617>) \n[CVE-2019-0614](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0614>) \n[CVE-2019-0775](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0775>) \n[CVE-2019-0774](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0774>) \n[CVE-2019-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0756>) \n[CVE-2019-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0755>) \n[CVE-2019-0772](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0772>) \n[CVE-2019-0759](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0759>) \n[CVE-2019-0690](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0690>) \n[CVE-2019-0603](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0603>) \n[CVE-2019-0702](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0702>) \n[CVE-2019-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0703>) \n[CVE-2019-0704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0704>) \n[CVE-2019-0746](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0746>) \n[CVE-2019-0767](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0767>) \n[CVE-2019-0765](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0765>) \n[CVE-2019-0667](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0667>) \n[CVE-2019-0666](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0666>) \n[CVE-2019-0782](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0782>) \n[CVE-2019-0784](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0784>) \n[CVE-2019-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0683>) \n[CVE-2019-0821](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0821>) \n[CVE-2019-0808](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0808>) \n[ADV190009](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190009>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-0667](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0667>)0.0Unknown \n[CVE-2019-0746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0746>)0.0Unknown \n[CVE-2019-0666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0666>)0.0Unknown \n[CVE-2019-0782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0782>)0.0Unknown \n[CVE-2019-0808](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0808>)0.0Unknown \n[CVE-2019-0772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0772>)0.0Unknown \n[CVE-2019-0704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0704>)0.0Unknown \n[CVE-2019-0759](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0759>)0.0Unknown \n[CVE-2019-0765](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0765>)0.0Unknown \n[CVE-2019-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0754>)0.0Unknown \n[CVE-2019-0775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0775>)0.0Unknown \n[CVE-2019-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0756>)0.0Unknown \n[CVE-2019-0603](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0603>)0.0Unknown \n[CVE-2019-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0755>)0.0Unknown \n[CVE-2019-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0683>)0.0Unknown \n[CVE-2019-0614](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0614>)0.0Unknown \n[CVE-2019-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0703>)0.0Unknown \n[CVE-2019-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0821>)0.0Unknown \n[CVE-2019-0702](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0702>)0.0Unknown \n[CVE-2019-0690](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0690>)0.0Unknown \n[CVE-2019-0617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0617>)0.0Unknown \n[CVE-2019-0784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0784>)0.0Unknown \n[CVE-2019-0767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0767>)0.0Unknown \n[CVE-2019-0774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0774>)0.0Unknown\n\n### *KB list*:\n[4489878](<http://support.microsoft.com/kb/4489878>) \n[4489885](<http://support.microsoft.com/kb/4489885>) \n[4489880](<http://support.microsoft.com/kb/4489880>) \n[4489876](<http://support.microsoft.com/kb/4489876>) \n[4489873](<http://support.microsoft.com/kb/4489873>) \n[4474419](<http://support.microsoft.com/kb/4474419>) \n[4507456](<http://support.microsoft.com/kb/4507456>) \n[4507449](<http://support.microsoft.com/kb/4507449>) \n[4507452](<http://support.microsoft.com/kb/4507452>) \n[4507461](<http://support.microsoft.com/kb/4507461>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-03-12T00:00:00", "id": "KLA11876", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11876", "title": "\r KLA11876Multiple vulnerabiltiies in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T12:02:23", "bulletinFamily": "info", "cvelist": ["CVE-2019-0683", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0767", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0702", "CVE-2019-0697", "CVE-2019-0765", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0726", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0698", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0701", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0682"], "description": "### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4489881](<http://support.microsoft.com/kb/4489881>) \n[4489891](<http://support.microsoft.com/kb/4489891>) \n[4489883](<http://support.microsoft.com/kb/4489883>) \n[4489886](<http://support.microsoft.com/kb/4489886>) \n[4489899](<http://support.microsoft.com/kb/4489899>) \n[4489871](<http://support.microsoft.com/kb/4489871>) \n[4489868](<http://support.microsoft.com/kb/4489868>) \n[4489872](<http://support.microsoft.com/kb/4489872>) \n[4489884](<http://support.microsoft.com/kb/4489884>) \n[4489882](<http://support.microsoft.com/kb/4489882>) \n[4493441](<http://support.microsoft.com/kb/4493441>) \n[4493464](<http://support.microsoft.com/kb/4493464>) \n[4507464](<http://support.microsoft.com/kb/4507464>) \n[4507460](<http://support.microsoft.com/kb/4507460>) \n[4507457](<http://support.microsoft.com/kb/4507457>) \n[4507448](<http://support.microsoft.com/kb/4507448>) \n[4507453](<http://support.microsoft.com/kb/4507453>) \n[4507469](<http://support.microsoft.com/kb/4507469>) \n[4507435](<http://support.microsoft.com/kb/4507435>) \n[4507462](<http://support.microsoft.com/kb/4507462>) \n[4507455](<http://support.microsoft.com/kb/4507455>) \n[4507458](<http://support.microsoft.com/kb/4507458>) \n[4507450](<http://support.microsoft.com/kb/4507450>)\n\n### *Detect date*:\n03/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2016 \nWindows RT 8.1 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1803 for 32-bit Systems \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2019 \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for ARM64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0782](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0782>) \n[CVE-2019-0694](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0694>) \n[CVE-2019-0797](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0797>) \n[CVE-2019-0766](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0766>) \n[CVE-2019-0772](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0772>) \n[CVE-2019-0704](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0704>) \n[CVE-2019-0776](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0776>) \n[CVE-2019-0759](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0759>) \n[CVE-2019-0765](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0765>) \n[CVE-2019-0754](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0754>) \n[CVE-2019-0775](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0775>) \n[CVE-2019-0756](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0756>) \n[CVE-2019-0603](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0603>) \n[CVE-2019-0755](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0755>) \n[CVE-2019-0726](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0726>) \n[CVE-2019-0683](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0683>) \n[CVE-2019-0696](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0696>) \n[CVE-2019-0701](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0701>) \n[CVE-2019-0692](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0692>) \n[CVE-2019-0614](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0614>) \n[CVE-2019-0703](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0703>) \n[CVE-2019-0821](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0821>) \n[CVE-2019-0695](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0695>) \n[CVE-2019-0702](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0702>) \n[CVE-2019-0689](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0689>) \n[CVE-2019-0690](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0690>) \n[CVE-2019-0617](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0617>) \n[CVE-2019-0693](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0693>) \n[CVE-2019-0697](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0697>) \n[CVE-2019-0784](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0784>) \n[CVE-2019-0767](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0767>) \n[CVE-2019-0682](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0682>) \n[CVE-2019-0698](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0698>) \n[CVE-2019-0774](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0774>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-0782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0782>)0.0Unknown \n[CVE-2019-0694](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0694>)0.0Unknown \n[CVE-2019-0797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0797>)0.0Unknown \n[CVE-2019-0766](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0766>)0.0Unknown \n[CVE-2019-0772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0772>)0.0Unknown \n[CVE-2019-0704](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0704>)0.0Unknown \n[CVE-2019-0776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0776>)0.0Unknown \n[CVE-2019-0759](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0759>)0.0Unknown \n[CVE-2019-0765](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0765>)0.0Unknown \n[CVE-2019-0754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0754>)0.0Unknown \n[CVE-2019-0775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0775>)0.0Unknown \n[CVE-2019-0756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0756>)0.0Unknown \n[CVE-2019-0603](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0603>)0.0Unknown \n[CVE-2019-0755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0755>)0.0Unknown \n[CVE-2019-0726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0726>)0.0Unknown \n[CVE-2019-0683](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0683>)0.0Unknown \n[CVE-2019-0696](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0696>)0.0Unknown \n[CVE-2019-0701](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0701>)0.0Unknown \n[CVE-2019-0692](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0692>)0.0Unknown \n[CVE-2019-0614](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0614>)0.0Unknown \n[CVE-2019-0703](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0703>)0.0Unknown \n[CVE-2019-0821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0821>)0.0Unknown \n[CVE-2019-0695](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0695>)0.0Unknown \n[CVE-2019-0702](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0702>)0.0Unknown \n[CVE-2019-0689](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0689>)0.0Unknown \n[CVE-2019-0690](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0690>)0.0Unknown \n[CVE-2019-0617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0617>)0.0Unknown \n[CVE-2019-0693](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0693>)0.0Unknown \n[CVE-2019-0697](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0697>)0.0Unknown \n[CVE-2019-0784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0784>)0.0Unknown \n[CVE-2019-0767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0767>)0.0Unknown \n[CVE-2019-0682](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0682>)0.0Unknown \n[CVE-2019-0698](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0698>)0.0Unknown \n[CVE-2019-0774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0774>)0.0Unknown", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-03-12T00:00:00", "id": "KLA11438", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11438", "title": "\r KLA11438Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489876\nor cumulative update 4489880. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0666, CVE-2019-0667,\n CVE-2019-0772)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2019-0683)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0808)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489876: Windows Server 2008 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0683", "CVE-2019-0690", "CVE-2019-0746", "CVE-2019-0808", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0702", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489880.NASL", "href": "https://www.tenable.com/plugins/nessus/122783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122783);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0683\",\n \"CVE-2019-0690\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0765\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0782\",\n \"CVE-2019-0784\",\n \"CVE-2019-0808\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489876\");\n script_xref(name:\"MSKB\", value:\"4489880\");\n script_xref(name:\"MSFT\", value:\"MS19-4489876\");\n script_xref(name:\"MSFT\", value:\"MS19-4489880\");\n\n script_name(english:\"KB4489876: Windows Server 2008 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489876\nor cumulative update 4489880. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0666, CVE-2019-0667,\n CVE-2019-0772)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2019-0683)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0808)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\");\n # https://support.microsoft.com/en-us/help/4489876/windows-server-2008-kb4489876\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0bed126c\");\n # https://support.microsoft.com/en-us/help/4489880/windows-server-2008-kb4489880\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?062263fd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4489876 or Cumulative Update KB4489880.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows NtUserMNDragOver Local Privilege Elevation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489876', '4489880');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489876, 4489880])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:46:25", "description": "The remote Windows host is missing security update 4489886.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489886: Windows 10 Version 1709 and Windows Server Version 1709 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0767", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0702", "CVE-2019-0765", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0682"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_MAR_4489886.NASL", "href": "https://www.tenable.com/plugins/nessus/122786", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122786);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0682\",\n \"CVE-2019-0689\",\n \"CVE-2019-0690\",\n \"CVE-2019-0692\",\n \"CVE-2019-0693\",\n \"CVE-2019-0694\",\n \"CVE-2019-0695\",\n \"CVE-2019-0696\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0765\",\n \"CVE-2019-0766\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0782\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489886\");\n script_xref(name:\"MSFT\", value:\"MS19-4489886\");\n\n script_name(english:\"KB4489886: Windows 10 Version 1709 and Windows Server Version 1709 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489886.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\");\n # https://support.microsoft.com/en-us/help/4489886/windows-10-update-kb4489886\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e05c5cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489886.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489886');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489886])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489884\nor cumulative update 4489891. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0783)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489884: Windows Server 2012 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0761", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489891.NASL", "href": "https://www.tenable.com/plugins/nessus/122787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122787);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0690\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489884\");\n script_xref(name:\"MSKB\", value:\"4489891\");\n script_xref(name:\"MSFT\", value:\"MS19-4489884\");\n script_xref(name:\"MSFT\", value:\"MS19-4489891\");\n\n script_name(english:\"KB4489884: Windows Server 2012 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489884\nor cumulative update 4489891. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0783)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\");\n # https://support.microsoft.com/en-us/help/4489884/windows-server-2012-update-kb4489884\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa5211f1\");\n # https://support.microsoft.com/en-us/help/4489891/windows-server-2012-update-kb4489891\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?670e41a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4489884 or Cumulative Update KB4489891.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489884', '4489891');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489884, 4489891])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489883\nor cumulative update 4489881. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0609", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489881.NASL", "href": "https://www.tenable.com/plugins/nessus/122784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122784);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0609\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0680\",\n \"CVE-2019-0690\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0762\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489881\");\n script_xref(name:\"MSKB\", value:\"4489883\");\n script_xref(name:\"MSFT\", value:\"MS19-4489881\");\n script_xref(name:\"MSFT\", value:\"MS19-4489883\");\n\n script_name(english:\"KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489883\nor cumulative update 4489881. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489881/windows-8-1-update-kb4489881\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8fed4ae\");\n # https://support.microsoft.com/en-us/help/4489883/windows-8-1-update-kb4489883\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ec929c9e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4489883 or Cumulative Update KB4489881.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489883', '4489881');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489883, 4489881])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:46:22", "description": "The remote Windows host is missing security update 4489868.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695, CVE-2019-0701)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0697, CVE-2019-0698,\n CVE-2019-0726)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489868: Windows 10 Version 1803 and Windows Server Version 1803 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0767", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0702", "CVE-2019-0697", "CVE-2019-0765", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0726", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0698", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0701", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0682"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_MAR_4489868.NASL", "href": "https://www.tenable.com/plugins/nessus/122779", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122779);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0682\",\n \"CVE-2019-0689\",\n \"CVE-2019-0690\",\n \"CVE-2019-0692\",\n \"CVE-2019-0693\",\n \"CVE-2019-0694\",\n \"CVE-2019-0695\",\n \"CVE-2019-0696\",\n \"CVE-2019-0697\",\n \"CVE-2019-0698\",\n \"CVE-2019-0701\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0726\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0765\",\n \"CVE-2019-0766\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0782\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489868\");\n script_xref(name:\"MSFT\", value:\"MS19-4489868\");\n\n script_name(english:\"KB4489868: Windows 10 Version 1803 and Windows Server Version 1803 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489868.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695, CVE-2019-0701)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0697, CVE-2019-0698,\n CVE-2019-0726)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\");\n # https://support.microsoft.com/en-us/help/4489868/windows-10-update-kb4489868\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e8d1aa06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489868.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489868');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489868])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489885\nor cumulative update 4489878. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2019-0683)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0808)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 10, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0683", "CVE-2019-0609", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0808", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489878.NASL", "href": "https://www.tenable.com/plugins/nessus/122782", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122782);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0609\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0680\",\n \"CVE-2019-0683\",\n \"CVE-2019-0690\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0762\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0767\",\n \"CVE-2019-0772\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0808\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489885\");\n script_xref(name:\"MSKB\", value:\"4489878\");\n script_xref(name:\"MSFT\", value:\"MS19-4489885\");\n script_xref(name:\"MSFT\", value:\"MS19-4489878\");\n\n script_name(english:\"KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489885\nor cumulative update 4489878. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Active\n Directory Forest trusts due to a default setting that\n lets an attacker in the trusting forest request\n delegation of a TGT for an identity from the trusted\n forest. (CVE-2019-0683)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0808)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489885/windows-7-update-kb4489885\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5787d84c\");\n # https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update-for-windows-7-and-server-2008-r2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?95d89a90\");\n # https://support.microsoft.com/en-us/help/4489878/windows-7-update-kb4489878\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41a4ff06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4489885 or Cumulative Update KB4489878.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows NtUserMNDragOver Local Privilege Elevation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489885', '4489878');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489885, 4489878])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489872.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489872: Windows 10 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0776", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489872.NASL", "href": "https://www.tenable.com/plugins/nessus/122781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122781);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0609\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0680\",\n \"CVE-2019-0690\",\n \"CVE-2019-0695\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0767\",\n \"CVE-2019-0769\",\n \"CVE-2019-0770\",\n \"CVE-2019-0771\",\n \"CVE-2019-0772\",\n \"CVE-2019-0773\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489872\");\n script_xref(name:\"MSFT\", value:\"MS19-4489872\");\n\n script_name(english:\"KB4489872: Windows 10 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489872.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489872/windows-10-update-kb4489872\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57922272\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489872.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489872');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489872])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489882.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0779)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489882: Windows 10 Version 1607 and Windows Server 2016 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0779", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489882.NASL", "href": "https://www.tenable.com/plugins/nessus/122785", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122785);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0603\",\n \"CVE-2019-0609\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0678\",\n \"CVE-2019-0680\",\n \"CVE-2019-0690\",\n \"CVE-2019-0695\",\n \"CVE-2019-0696\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0766\",\n \"CVE-2019-0767\",\n \"CVE-2019-0769\",\n \"CVE-2019-0770\",\n \"CVE-2019-0771\",\n \"CVE-2019-0772\",\n \"CVE-2019-0773\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0779\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489882\");\n script_xref(name:\"MSFT\", value:\"MS19-4489882\");\n\n script_name(english:\"KB4489882: Windows 10 Version 1607 and Windows Server 2016 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489882.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0779)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0746)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489882/windows-10-update-kb4489882\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?971d558c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489882.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489882');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489882])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489871.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0779)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Click2Play protection in Microsoft Edge improperly\n handles flash objects. By itself, this bypass\n vulnerability does not allow arbitrary code execution.\n However, an attacker could use the bypass vulnerability\n in conjunction with another vulnerability, such as a\n remote code execution vulnerability, to run arbitrary\n code on a target system. (CVE-2019-0612)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0611, CVE-2019-0746)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489871: Windows 10 Version 1703 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0779", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0821", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0682"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489871.NASL", "href": "https://www.tenable.com/plugins/nessus/122780", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122780);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0609\",\n \"CVE-2019-0611\",\n \"CVE-2019-0612\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0678\",\n \"CVE-2019-0680\",\n \"CVE-2019-0682\",\n \"CVE-2019-0690\",\n \"CVE-2019-0695\",\n \"CVE-2019-0696\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0766\",\n \"CVE-2019-0767\",\n \"CVE-2019-0769\",\n \"CVE-2019-0770\",\n \"CVE-2019-0771\",\n \"CVE-2019-0772\",\n \"CVE-2019-0773\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0779\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489871\");\n script_xref(name:\"MSFT\", value:\"MS19-4489871\");\n\n script_name(english:\"KB4489871: Windows 10 Version 1703 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489871.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0779)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Click2Play protection in Microsoft Edge improperly\n handles flash objects. By itself, this bypass\n vulnerability does not allow arbitrary code execution.\n However, an attacker could use the bypass vulnerability\n in conjunction with another vulnerability, such as a\n remote code execution vulnerability, to run arbitrary\n code on a target system. (CVE-2019-0612)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0770, CVE-2019-0771, CVE-2019-0773)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0611, CVE-2019-0746)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489871/windows-10-update-kb4489871\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c047a6b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489871.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489871');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489871])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:39", "description": "The remote Windows host is missing security update 4489899.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0697, CVE-2019-0698,\n CVE-2019-0726)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695, CVE-2019-0701)\n\n - A security feature bypass vulnerability exists when\n Click2Play protection in Microsoft Edge improperly\n handles flash objects. By itself, this bypass\n vulnerability does not allow arbitrary code execution.\n However, an attacker could use the bypass vulnerability\n in conjunction with another vulnerability, such as a\n remote code execution vulnerability, to run arbitrary\n code on a target system. (CVE-2019-0612)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer VBScript execution policy does not\n properly restrict VBScript under specific conditions,\n and to allow requests that should otherwise be ignored.\n An attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0768)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0592, CVE-2019-0611,\n CVE-2019-0746)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0771, CVE-2019-0773)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that the ChakraCore scripting engine handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0639)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "KB4489899: Windows 10 Version 1809 and Windows Server 2019 March 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0697", "CVE-2019-0592", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0639", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0726", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0698", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0701", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0768", "CVE-2019-0682"], "modified": "2019-03-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_MAR_4489899.NASL", "href": "https://www.tenable.com/plugins/nessus/122788", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122788);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0592\",\n \"CVE-2019-0603\",\n \"CVE-2019-0609\",\n \"CVE-2019-0611\",\n \"CVE-2019-0612\",\n \"CVE-2019-0614\",\n \"CVE-2019-0617\",\n \"CVE-2019-0639\",\n \"CVE-2019-0665\",\n \"CVE-2019-0666\",\n \"CVE-2019-0667\",\n \"CVE-2019-0678\",\n \"CVE-2019-0680\",\n \"CVE-2019-0682\",\n \"CVE-2019-0689\",\n \"CVE-2019-0690\",\n \"CVE-2019-0692\",\n \"CVE-2019-0693\",\n \"CVE-2019-0694\",\n \"CVE-2019-0695\",\n \"CVE-2019-0696\",\n \"CVE-2019-0697\",\n \"CVE-2019-0698\",\n \"CVE-2019-0701\",\n \"CVE-2019-0702\",\n \"CVE-2019-0703\",\n \"CVE-2019-0704\",\n \"CVE-2019-0726\",\n \"CVE-2019-0746\",\n \"CVE-2019-0754\",\n \"CVE-2019-0755\",\n \"CVE-2019-0756\",\n \"CVE-2019-0759\",\n \"CVE-2019-0761\",\n \"CVE-2019-0762\",\n \"CVE-2019-0763\",\n \"CVE-2019-0765\",\n \"CVE-2019-0766\",\n \"CVE-2019-0767\",\n \"CVE-2019-0768\",\n \"CVE-2019-0769\",\n \"CVE-2019-0771\",\n \"CVE-2019-0772\",\n \"CVE-2019-0773\",\n \"CVE-2019-0774\",\n \"CVE-2019-0775\",\n \"CVE-2019-0776\",\n \"CVE-2019-0780\",\n \"CVE-2019-0782\",\n \"CVE-2019-0783\",\n \"CVE-2019-0784\",\n \"CVE-2019-0797\",\n \"CVE-2019-0821\"\n );\n script_xref(name:\"MSKB\", value:\"4489899\");\n script_xref(name:\"MSFT\", value:\"MS19-4489899\");\n\n script_name(english:\"KB4489899: Windows 10 Version 1809 and Windows Server 2019 March 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4489899.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0697, CVE-2019-0698,\n CVE-2019-0726)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0617)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer fails to validate the correct Security\n Zone of requests for specific URLs. This could allow an\n attacker to cause a user to access a URL in a less\n restricted Internet Security Zone than intended.\n (CVE-2019-0761)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0780)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0609)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0702, CVE-2019-0755, CVE-2019-0775)\n\n - An information disclosure vulnerability exists in the\n way that the Windows SMB Server handles certain\n requests. An authenticated attacker who successfully\n exploited this vulnerability could craft a special\n packet, which could lead to information disclosure from\n the server. (CVE-2019-0703, CVE-2019-0704,\n CVE-2019-0821)\n\n - An information disclosure vulnerability exists when the\n Windows Print Spooler does not properly handle objects\n in memory. An attacker who successfully exploited this\n vulnerability could use the information to further\n exploit the victim system. (CVE-2019-0759)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-0782)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-0695, CVE-2019-0701)\n\n - A security feature bypass vulnerability exists when\n Click2Play protection in Microsoft Edge improperly\n handles flash objects. By itself, this bypass\n vulnerability does not allow arbitrary code execution.\n However, an attacker could use the bypass vulnerability\n in conjunction with another vulnerability, such as a\n remote code execution vulnerability, to run arbitrary\n code on a target system. (CVE-2019-0612)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Site cookie restrictions, and to\n allow requests that should otherwise be ignored. An\n attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0762)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0690)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0797)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0754)\n\n - A security feature bypass vulnerability exists when\n Internet Explorer VBScript execution policy does not\n properly restrict VBScript under specific conditions,\n and to allow requests that should otherwise be ignored.\n An attacker who successfully exploited the vulnerability\n could force the browser to send data that would\n otherwise be restricted. (CVE-2019-0768)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2019-0678)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-0680, CVE-2019-0783)\n\n - A remote code execution vulnerability exists in the way\n that the ActiveX Data objects (ADO) handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0784)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0776)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-0766)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0696)\n\n - A remote code execution vulnerability exists in the way\n that Windows Deployment Services TFTP Server handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could execute arbitrary code\n with elevated permissions on a target system.\n (CVE-2019-0603)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0614, CVE-2019-0774)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2019-0767)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0763)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-0592, CVE-2019-0611,\n CVE-2019-0746)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-0682, CVE-2019-0689, CVE-2019-0692,\n CVE-2019-0693, CVE-2019-0694)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0769,\n CVE-2019-0771, CVE-2019-0773)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-0756)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0665, CVE-2019-0666,\n CVE-2019-0667, CVE-2019-0772)\n\n - A remote code execution vulnerability exists in the way\n that the ChakraCore scripting engine handles objects in\n memory. The vulnerability could corrupt memory in such a\n way that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0639)\n\n - A remote code execution vulnerability exists in the way\n that comctl32.dll handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-0765)\");\n # https://support.microsoft.com/en-us/help/4489899/windows-10-update-kb4489899\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f94843b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4489899.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-03\";\nkbs = make_list('4489899');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"03_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4489899])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:40:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0683", "CVE-2019-0609", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0808", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "description": "This host is missing a critical security\n update according to Microsoft KB4489878", "modified": "2020-07-17T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814936", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489878)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814936\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0601\", \"CVE-2019-0603\", \"CVE-2019-0609\", \"CVE-2019-0614\",\n \"CVE-2019-0617\", \"CVE-2019-0665\", \"CVE-2019-0666\", \"CVE-2019-0667\",\n \"CVE-2019-0680\", \"CVE-2019-0683\", \"CVE-2019-0690\", \"CVE-2019-0702\",\n \"CVE-2019-0703\", \"CVE-2019-0704\", \"CVE-2019-0746\", \"CVE-2019-0754\",\n \"CVE-2019-0755\", \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\",\n \"CVE-2019-0762\", \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0767\",\n \"CVE-2019-0772\", \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0780\",\n \"CVE-2019-0782\", \"CVE-2019-0783\", \"CVE-2019-0784\", \"CVE-2019-0808\",\n \"CVE-2019-0821\");\n script_bugtraq_id(107285);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 10:15:27 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489878)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489878\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist in,\n\n - Event Viewer from showing Network Interface Cards events and\n\n - Various Windows components.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information to\n further compromise the user's system, gain elevated privileges, bypass security\n features and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489878\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Ntdll.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24387\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Ntdll.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24387\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0609", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0756"], "description": "This host is missing a critical security\n update according to Microsoft KB4489881", "modified": "2020-07-17T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814937", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489881)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814937\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0601\", \"CVE-2019-0603\", \"CVE-2019-0609\", \"CVE-2019-0614\",\n \"CVE-2019-0617\", \"CVE-2019-0665\", \"CVE-2019-0666\", \"CVE-2019-0667\",\n \"CVE-2019-0680\", \"CVE-2019-0690\", \"CVE-2019-0702\", \"CVE-2019-0703\",\n \"CVE-2019-0704\", \"CVE-2019-0746\", \"CVE-2019-0754\", \"CVE-2019-0755\",\n \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\", \"CVE-2019-0762\",\n \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0767\", \"CVE-2019-0772\",\n \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0780\", \"CVE-2019-0782\",\n \"CVE-2019-0783\", \"CVE-2019-0784\", \"CVE-2019-0797\", \"CVE-2019-0821\");\n script_bugtraq_id(107285);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 10:32:00 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489881)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489881\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist,\n\n - When users to receive 'Error 1309' while installing or uninstalling\n certain types of MSI and MSP files.\n\n - With a virtual memory leak and the depletion of the paged pool with\n the CMNB tag that cause the server to become unresponsive.\n\n - In Internet Explorer, Windows App Platform and Frameworks, Windows Hyper-V,\n Windows Storage and Filesystems, Windows Fundamentals, Windows Kernel,\n Windows Server, Windows MSXML, and the Microsoft JET Database Engine.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to elevate privileges, execute arbitrary code, read unauthorized\n information, bypass security features and cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489881\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Msi.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.0.9600.19304\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Msi.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.0.9600.19304\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0776", "CVE-2019-0756"], "description": "This host is missing a critical security\n update according to Microsoft KB4489872", "modified": "2020-06-04T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814693", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489872)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814693\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0609\", \"CVE-2019-0782\", \"CVE-2019-0783\", \"CVE-2019-0784\",\n \"CVE-2019-0614\", \"CVE-2019-0617\", \"CVE-2019-0797\", \"CVE-2019-0821\",\n \"CVE-2019-0680\", \"CVE-2019-0690\", \"CVE-2019-0695\", \"CVE-2019-0702\",\n \"CVE-2019-0703\", \"CVE-2019-0704\", \"CVE-2019-0746\", \"CVE-2019-0754\",\n \"CVE-2019-0755\", \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\",\n \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0767\", \"CVE-2019-0769\",\n \"CVE-2019-0770\", \"CVE-2019-0771\", \"CVE-2019-0772\", \"CVE-2019-0773\",\n \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0776\", \"CVE-2019-0780\",\n \"CVE-2019-0665\", \"CVE-2019-0666\", \"CVE-2019-0667\", \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 08:42:56 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489872)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489872\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - The Microsoft XML Core Services MSXML parser processes user input.\n\n - Windows improperly handles objects in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows Print Spooler does not properly handle objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows SMB Server does not properly handles certain requests.\n\n - Windows kernel improperly initializes objects in memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - Microsoft browsers improperly access objects in memory.\n\n - The ActiveX Data objects (ADO) improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information\n to further compromise the user's system, gain elevated privileges, cause the\n host server to crash and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems and\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489872\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18157\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18157\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T12:52:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0765", "CVE-2019-0779", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756"], "description": "This host is missing a critical security\n update according to Microsoft KB4489882", "modified": "2019-12-20T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814695", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489882)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814695\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0603\", \"CVE-2019-0609\", \"CVE-2019-0782\", \"CVE-2019-0783\",\n \"CVE-2019-0784\", \"CVE-2019-0614\", \"CVE-2019-0617\", \"CVE-2019-0797\",\n \"CVE-2019-0821\", \"CVE-2019-0680\", \"CVE-2019-0690\", \"CVE-2019-0695\",\n \"CVE-2019-0696\", \"CVE-2019-0702\", \"CVE-2019-0703\", \"CVE-2019-0704\",\n \"CVE-2019-0746\", \"CVE-2019-0754\", \"CVE-2019-0755\", \"CVE-2019-0756\",\n \"CVE-2019-0759\", \"CVE-2019-0761\", \"CVE-2019-0763\", \"CVE-2019-0765\",\n \"CVE-2019-0766\", \"CVE-2019-0767\", \"CVE-2019-0769\", \"CVE-2019-0770\",\n \"CVE-2019-0771\", \"CVE-2019-0772\", \"CVE-2019-0773\", \"CVE-2019-0774\",\n \"CVE-2019-0775\", \"CVE-2019-0776\", \"CVE-2019-0779\", \"CVE-2019-0780\",\n \"CVE-2019-0665\", \"CVE-2019-0666\", \"CVE-2019-0667\", \"CVE-2019-0678\",\n \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 09:11:30 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489882)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489882\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - The scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Microsoft XML Core Services MSXML parser processes user input.\n\n - Windows improperly handles objects in memory.\n\n - The Windows Print Spooler does not properly handle objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Chakra scripting engine handles objects in memory in\n Microsoft Edge.\n\n - Windows SMB Server does not properly handles certain requests.\n\n - Windows Deployment Services TFTP Server does not properly handle objects\n in memory.\n\n - Windows AppX Deployment Server allows file creation in arbitrary\n locations.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - The ActiveX Data objects (ADO) improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to elevate privileges, execute arbitrary code on a victim system,\n cause the host server to crash and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489882\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2847\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2847\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0779", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0682"], "description": "This host is missing a critical security\n update according to Microsoft KB4489871", "modified": "2020-06-04T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814694", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489871)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814694\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0609\", \"CVE-2019-0782\", \"CVE-2019-0783\", \"CVE-2019-0784\",\n \"CVE-2019-0611\", \"CVE-2019-0612\", \"CVE-2019-0614\", \"CVE-2019-0617\",\n \"CVE-2019-0797\", \"CVE-2019-0821\", \"CVE-2019-0680\", \"CVE-2019-0682\",\n \"CVE-2019-0690\", \"CVE-2019-0695\", \"CVE-2019-0696\", \"CVE-2019-0702\",\n \"CVE-2019-0703\", \"CVE-2019-0704\", \"CVE-2019-0746\", \"CVE-2019-0754\",\n \"CVE-2019-0755\", \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\",\n \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0766\", \"CVE-2019-0767\",\n \"CVE-2019-0769\", \"CVE-2019-0770\", \"CVE-2019-0771\", \"CVE-2019-0772\",\n \"CVE-2019-0773\", \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0776\",\n \"CVE-2019-0779\", \"CVE-2019-0780\", \"CVE-2019-0665\", \"CVE-2019-0666\",\n \"CVE-2019-0667\", \"CVE-2019-0678\", \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 09:06:34 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489871)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489871\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - The scripting engine improperly handles objects in memory in Microsoft\n browsers.\n\n - Click2Play protection in Microsoft Edge improperly handles flash objects.\n\n - The Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows Print Spooler does not properly handle objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - An error in way Windows SMB Server handles certain requests.\n\n - Windows AppX Deployment Server that allows file creation in arbitrary\n locations.\n\n - Windows kernel improperly initializes objects in memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - An error in the ActiveX Data objects (ADO) handles objects in memory.\n\n - An integer overflow in Windows Subsystem for Linux.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to elevate privileges, run arbitrary code on a target system,\n gain access to potentially sensitive data, causes a host machine to crash\n and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489871\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1688\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1688\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0689", "CVE-2019-0779", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0766", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0768", "CVE-2019-0682"], "description": "This host is missing a critical security\n update according to Microsoft KB4489886", "modified": "2020-06-04T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814696", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489886)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814696\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0609\", \"CVE-2019-0780\", \"CVE-2019-0782\", \"CVE-2019-0783\",\n \"CVE-2019-0611\", \"CVE-2019-0612\", \"CVE-2019-0614\", \"CVE-2019-0617\",\n \"CVE-2019-0784\", \"CVE-2019-0797\", \"CVE-2019-0821\", \"CVE-2019-0678\",\n \"CVE-2019-0680\", \"CVE-2019-0682\", \"CVE-2019-0689\", \"CVE-2019-0690\",\n \"CVE-2019-0692\", \"CVE-2019-0693\", \"CVE-2019-0694\", \"CVE-2019-0695\",\n \"CVE-2019-0696\", \"CVE-2019-0702\", \"CVE-2019-0703\", \"CVE-2019-0704\",\n \"CVE-2019-0746\", \"CVE-2019-0754\", \"CVE-2019-0755\", \"CVE-2019-0756\",\n \"CVE-2019-0759\", \"CVE-2019-0761\", \"CVE-2019-0762\", \"CVE-2019-0763\",\n \"CVE-2019-0765\", \"CVE-2019-0766\", \"CVE-2019-0767\", \"CVE-2019-0768\",\n \"CVE-2019-0769\", \"CVE-2019-0770\", \"CVE-2019-0771\", \"CVE-2019-0772\",\n \"CVE-2019-0773\", \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0776\",\n \"CVE-2019-0779\", \"CVE-2019-0665\", \"CVE-2019-0666\", \"CVE-2019-0667\",\n \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 09:15:08 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489886)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489886\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - The scripting engine improperly handles objects in memory in Microsoft\n Edge.\n\n - Click2Play protection in Microsoft Edge improperly handles flash objects.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows Print Spooler does not properly handle objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - An integer overflow in Windows Subsystem for Linux.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Windows SMB Server improperly handles certain requests.\n\n - Windows AppX Deployment Server that allows file creation in arbitrary\n locations.\n\n - Windows kernel improperly initializes objects in memory.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - The ActiveX Data objects (ADO) improperly handles objects in memory.\n\n - When Internet Explorer VBScript execution policy does not properly restrict\n VBScript under specific conditions, and to allow requests that should otherwise\n be ignored.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to elevate privileges, run arbitrary code on a target system,\n cause the host server to crash and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489886\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1028\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1028\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0697", "CVE-2019-0592", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0639", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0726", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0698", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0701", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0768", "CVE-2019-0682"], "description": "This host is missing a critical security\n update according to Microsoft KB4489899", "modified": "2020-06-04T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814692", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489899)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814692\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0592\", \"CVE-2019-0603\", \"CVE-2019-0609\", \"CVE-2019-0780\",\n \"CVE-2019-0782\", \"CVE-2019-0783\", \"CVE-2019-0611\", \"CVE-2019-0612\",\n \"CVE-2019-0614\", \"CVE-2019-0784\", \"CVE-2019-0797\", \"CVE-2019-0821\",\n \"CVE-2019-0678\", \"CVE-2019-0680\", \"CVE-2019-0682\", \"CVE-2019-0689\",\n \"CVE-2019-0690\", \"CVE-2019-0692\", \"CVE-2019-0693\", \"CVE-2019-0694\",\n \"CVE-2019-0695\", \"CVE-2019-0696\", \"CVE-2019-0697\", \"CVE-2019-0698\",\n \"CVE-2019-0701\", \"CVE-2019-0702\", \"CVE-2019-0703\", \"CVE-2019-0704\",\n \"CVE-2019-0726\", \"CVE-2019-0746\", \"CVE-2019-0754\", \"CVE-2019-0755\",\n \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\", \"CVE-2019-0762\",\n \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0766\", \"CVE-2019-0767\",\n \"CVE-2019-0768\", \"CVE-2019-0769\", \"CVE-2019-0771\", \"CVE-2019-0772\",\n \"CVE-2019-0773\", \"CVE-2019-0774\", \"CVE-2019-0775\", \"CVE-2019-0776\",\n \"CVE-2019-0617\", \"CVE-2019-0639\", \"CVE-2019-0665\", \"CVE-2019-0666\",\n \"CVE-2019-0667\", \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 08:37:41 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489899)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489899\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - The scripting engine improperly handles objects in memory in Microsoft\n Edge and browsers.\n\n - Click2Play protection in Microsoft Edge improperly handles flash objects.\n\n - The ChakraCore scripting engine improperly handles objects in memory.\n\n - The Windows Jet Database Engine improperly handles objects in memory.\n\n - The Windows GDI component improperly discloses the contents of its\n memory.\n\n - The Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - The Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The Windows Print Spooler does not properly handle objects in memory.\n\n - An integer overflow in Windows Subsystem for Linux.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Windows DHCP client does not validate specially crafted DHCP responses to\n a client.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Windows SMB Server improperly handles certain requests.\n\n - Windows Deployment Services TFTP Server improperly handles objects in memory.\n\n - Windows AppX Deployment Server allows file creation in arbitrary locations.\n\n - Windows kernel improperly initializes objects in memory.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - The VBScript engine handles improperly objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - Windows kernel fails to properly initialize a memory address.\n\n - The ActiveX Data objects (ADO) improperly handles objects in memory.\n\n - Internet Explorer VBScript execution policy does not properly restrict\n VBScript under specific conditions, and to allow requests that should otherwise\n be ignored.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to elevate privileges, gain the same user rights as the current\n user, run arbitrary code on a target system, obtain information to further\n compromise the user's system and cause the host server to crash.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems and\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489899\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.378\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.378\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-0769", "CVE-2019-0609", "CVE-2019-0771", "CVE-2019-0761", "CVE-2019-0680", "CVE-2019-0797", "CVE-2019-0690", "CVE-2019-0770", "CVE-2019-0665", "CVE-2019-0763", "CVE-2019-0762", "CVE-2019-0746", "CVE-2019-0695", "CVE-2019-0774", "CVE-2019-0693", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0767", "CVE-2019-0773", "CVE-2019-0696", "CVE-2019-0784", "CVE-2019-0775", "CVE-2019-0617", "CVE-2019-0759", "CVE-2019-0678", "CVE-2019-0703", "CVE-2019-0780", "CVE-2019-0702", "CVE-2019-0783", "CVE-2019-0697", "CVE-2019-0611", "CVE-2019-0765", "CVE-2019-0639", "CVE-2019-0689", "CVE-2019-0694", "CVE-2019-0772", "CVE-2019-0726", "CVE-2019-0614", "CVE-2019-0754", "CVE-2019-0698", "CVE-2019-0782", "CVE-2019-0692", "CVE-2019-0755", "CVE-2019-0704", "CVE-2019-0612", "CVE-2019-0601", "CVE-2019-0821", "CVE-2019-0603", "CVE-2019-0766", "CVE-2019-0701", "CVE-2019-0776", "CVE-2019-0756", "CVE-2019-0768", "CVE-2019-0682"], "description": "This host is missing a critical security\n update according to Microsoft KB4489868", "modified": "2020-06-04T00:00:00", "published": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310814697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814697", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4489868)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814697\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0603\", \"CVE-2019-0609\", \"CVE-2019-0780\", \"CVE-2019-0782\",\n \"CVE-2019-0783\", \"CVE-2019-0611\", \"CVE-2019-0612\", \"CVE-2019-0614\",\n \"CVE-2019-0617\", \"CVE-2019-0784\", \"CVE-2019-0797\", \"CVE-2019-0821\",\n \"CVE-2019-0678\", \"CVE-2019-0680\", \"CVE-2019-0682\", \"CVE-2019-0689\",\n \"CVE-2019-0690\", \"CVE-2019-0692\", \"CVE-2019-0693\", \"CVE-2019-0694\",\n \"CVE-2019-0695\", \"CVE-2019-0696\", \"CVE-2019-0697\", \"CVE-2019-0698\",\n \"CVE-2019-0701\", \"CVE-2019-0702\", \"CVE-2019-0703\", \"CVE-2019-0704\",\n \"CVE-2019-0726\", \"CVE-2019-0746\", \"CVE-2019-0754\", \"CVE-2019-0755\",\n \"CVE-2019-0756\", \"CVE-2019-0759\", \"CVE-2019-0761\", \"CVE-2019-0762\",\n \"CVE-2019-0763\", \"CVE-2019-0765\", \"CVE-2019-0766\", \"CVE-2019-0767\",\n \"CVE-2019-0768\", \"CVE-2019-0769\", \"CVE-2019-0770\", \"CVE-2019-0771\",\n \"CVE-2019-0772\", \"CVE-2019-0773\", \"CVE-2019-0774\", \"CVE-2019-0775\",\n \"CVE-2019-0776\", \"CVE-2019-0639\", \"CVE-2019-0665\", \"CVE-2019-0666\",\n \"CVE-2019-0667\", \"CVE-2019-0601\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-13 09:20:16 +0530 (Wed, 13 Mar 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4489868)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4489868\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - An error in way scripting engine handles objects in memory in Microsoft Edge.\n\n - Click2Play protection in Microsoft Edge improperly handles flash objects.\n\n - ChakraCore scripting engine improperly handles objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows Print Spooler does not properly handle objects in memory.\n\n - An integer overflow in Windows Subsystem for Linux.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Windows DHCP client does not validate specially crafted DHCP responses\n to a client.\n\n - Microsoft Hyper-V on a host server fails to properly validate input from\n a privileged user on a guest operating system.\n\n - Windows SMB Server fails to properly handle handles certain requests.\n\n - VBScript engine improperly handles objects in memory.\n\n - Windows Deployment Services TFTP Server improperly handles objects in\n memory.\n\n - Windows AppX Deployment Server allows file creation in arbitrary\n locations.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer fails to validate the correct Security Zone of requests\n for specific URLs.\n\n - The ActiveX Data objects (ADO) improperly handles objects in memory.\n\n - Internet Explorer VBScript execution policy does not properly restrict\n VBScript under specific conditions, and to allow requests that should otherwise\n be ignored.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to elevate privileges, execute arbitrary code on a victim system,\n cause a target system to stop responding and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4489868\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Edgehtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_in_range(version:fileVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.647\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Edgehtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.647\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-04-10T07:55:24", "bulletinFamily": "blog", "cvelist": ["CVE-2019-0592", "CVE-2019-0603", "CVE-2019-0609", "CVE-2019-0611", "CVE-2019-0612", "CVE-2019-0614", "CVE-2019-0617", "CVE-2019-0639", "CVE-2019-0665", "CVE-2019-0666", "CVE-2019-0667", "CVE-2019-0678", "CVE-2019-0680", "CVE-2019-0682", "CVE-2019-0683", "CVE-2019-0689", "CVE-2019-0690", "CVE-2019-0692", "CVE-2019-0693", "CVE-2019-0694", "CVE-2019-0695", "CVE-2019-0696", "CVE-2019-0697", "CVE-2019-0698", "CVE-2019-0701", "CVE-2019-0702", "CVE-2019-0703", "CVE-2019-0704", "CVE-2019-0726", "CVE-2019-0746", "CVE-2019-0748", "CVE-2019-0754", "CVE-2019-0755", "CVE-2019-0756", "CVE-2019-0757", "CVE-2019-0759", "CVE-2019-0761", "CVE-2019-0762", "CVE-2019-0763", "CVE-2019-0765", "CVE-2019-0766", "CVE-2019-0767", "CVE-2019-0768", "CVE-2019-0769", "CVE-2019-0770", "CVE-2019-0771", "CVE-2019-0772", "CVE-2019-0773", "CVE-2019-0774", "CVE-2019-0775", "CVE-2019-0776", "CVE-2019-0777", "CVE-2019-0778", "CVE-2019-0779", "CVE-2019-0780", "CVE-2019-0782", "CVE-2019-0783", "CVE-2019-0784", "CVE-2019-0797", "CVE-2019-0798", "CVE-2019-0808", "CVE-2019-0809", "CVE-2019-0816", "CVE-2019-0821"], "description": "[](<http://4.bp.blogspot.com/-N7KuLtUvvXQ/XIfHXnKAXQI/AAAAAAAAFjI/trcN807FgdUskZ_UAx0dWuRlD5HpF9xeACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated \u201ccritical,\u201d 45 that are considered \u201cimportant\u201d and one \u201cmoderate\u201d and \u201clow\u201d vulnerability each. This release also includes two critical advisories \u2014 one covering security updates to Adobe Flash Player and another concerning SHA-2. \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the VBScript scripting engine, Dynamic Host Configuration Protocol and the Chakra scripting engine. For coverage of these vulnerabilities, read the SNORT\u24c7 blog post [here](<https://blog.snort.org/2019/03/snort-rule-update-for-march-12-2019.html>). \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 17 critical vulnerabilities this month, all of which we will highlight below. \n \n[CVE-2019-0592](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592>) is a memory corruption vulnerability in the Chakra scripting engine that could allow an attacker to elevate their privileges. The bug lies in the way that the scripting engine handles objects in memory. In order to exploit this vulnerability, an attacker would need to trick a user into visiting a specially crafted, malicious web page in the Microsoft Edge web browser. \n \n[CVE-2019-0763](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0763>) is a remote code execution vulnerability that exists when the Internet Explorer web browser improperly handles objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a malicious web page while using Internet Explorer. \n \n[CVE-2019-0756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0756>) is a remote code execution vulnerability in the Microsoft XML Core Services MSXML parser. An attacker can exploit this bug by tricking the user into opening a specially crafted website designed to invoke MSXML through a web browser. Eventually, the attacker would gain the ability to execute malicious code and take control of the user\u2019s system. \n \n[CVE-2019-0609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0609>), [CVE-2019-0639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639>), [CVE-2019-0680](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0680>), [CVE-2019-0769](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0769>), [CVE-2019-0770](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0770>), [CVE-2019-0771](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0771>) and [CVE-2019-0773](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0773>) are all memory corruption vulnerabilities in Microsoft\u2019s scripting engine that exist due to the way Microsoft Edge handles objects in memory. An attacker could exploit these bugs to corrupt memory in a way that would allow them to execute arbitrary code in the context of the current user. A user would trigger this vulnerability if they visited a specially crafted, malicious web page in Edge. \n \n[CVE-2019-0784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0784>) is a remote code execution vulnerability that exists due to the way ActiveX Data Objects (ADO) handle objects in memory. An attacker could exploit this bug by tricking a user into visiting a specially crafted, malicious web page in Internet Explorer. Alternatively, they could embed an ActiveX control marked \u201csafe for initialization\u201d in an application or Microsoft Office document that hosts the Internet Explorer rendering engine. \n \n[CVE-2019-0603](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603>) is a remote code execution vulnerability in Windows Deployment Services TFTP Server. The bug lies in the way the server handles objects in memory. If an attacker were to exploit this vulnerability, they\u2019d gain the ability to execute arbitrary code with elevated permissions on a target system. \n \n[CVE-2019-0697](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0697>), [CVE-2019-0698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0698>) and [CVE-2019-0726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0726>) are remote code execution vulnerabilities in the Windows DHCP client. The vulnerability triggers when the client receives specially crafted DHCP responses to a client, potentially allowing an attacker to execute arbitrary code on the target machine. \n \n[CVE-2019-0666](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0666>) and [CVE-2019-0667](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0667>) are vulnerabilities in the VBScript engine that exist due to the way the engine handles objects in memory. An attacker could use these bugs to corrupt memory in a way that would allow them to execute arbitrary code in the context of the current user. A user could trigger these vulnerabilities by visiting an attacker-created website through Internet Explorer. An attacker could also provide them with an embedded ActiveX control marked \u201csafe for initialization\u201d in an application or Microsoft Office document that hosts the Internet Explorer rendering engine. \n\n\n### Important vulnerabilities\n\nThis release also contains 45 important vulnerabilities: \n\n\n * [CVE-2019-0784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0784>)\n * [CVE-2019-0611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0611>)\n * [CVE-2019-0612](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0612>)\n * [CVE-2019-0614](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0614>)\n * [CVE-2019-0617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0617>)\n * [CVE-2019-0665](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0665>)\n * [CVE-2019-0678](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0678>)\n * [CVE-2019-0682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0682>)\n * [CVE-2019-0683](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0683>)\n * [CVE-2019-0689](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0689>)\n * [CVE-2019-0690](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0690>)\n * [CVE-2019-0692](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0692>)\n * [CVE-2019-0693](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0693>)\n * [CVE-2019-0694](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0694>)\n * [CVE-2019-0695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0695>)\n * [CVE-2019-0696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0696>)\n * [CVE-2019-0701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0701>)\n * [CVE-2019-0702](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0702>)\n * [CVE-2019-0703](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703>)\n * [CVE-2019-0704](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0704>)\n * [CVE-2019-0746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0746>)\n * [CVE-2019-0748](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0748>)\n * [CVE-2019-0754](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0754>)\n * [CVE-2019-0755](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0755>)\n * [CVE-2019-0757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757>)\n * [CVE-2019-0759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0759>)\n * [CVE-2019-0761](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0761>)\n * [CVE-2019-0762](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0762>)\n * [CVE-2019-0765](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0765>)\n * [CVE-2019-0766](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0766>)\n * [CVE-2019-0767](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0767>)\n * [CVE-2019-0768](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768>)\n * [CVE-2019-0772](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0772>)\n * [CVE-2019-0774](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0774>)\n * [CVE-2019-0775](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0775>)\n * [CVE-2019-0776](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0776>)\n * [CVE-2019-0778](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778>)\n * [CVE-2019-0779](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0779>)\n * [CVE-2019-0780](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0780>)\n * [CVE-2019-0782](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0782>)\n * [CVE-2019-0783](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0783>)\n * [CVE-2019-0797](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797>)\n * [CVE-2019-0798](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798>)\n * [CVE-2019-0808](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808>)\n * [CVE-2019-0809](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0809>)\n * [CVE-2019-0821](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0821>)\n\n### Moderate\n\nThere was one moderate vulnerability in this release: [CVE-2019-0816](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0816>), a security feature bypass vulnerability in Azure SSH Keypairs. \n\n\n### Low\n\nThe only low vulnerability in this release is [CVE-2019-0777](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777>), a cross-site scripting vulnerability in Team Foundation. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: [45142, 45143](<https://snort.org/advisories/600>), [46554, 46555](<https://snort.org/advisories/760>), [48051, 48052](<https://snort.org/advisories/609>), [49172, 49173, 49364 - 49369, 49371, 49372, 49378 - 49395, 49400 - 49403](<https://snort.org/advisories/760>) \n\n\n \n\n\n", "modified": "2019-03-12T18:00:13", "published": "2019-03-12T11:00:00", "id": "TALOSBLOG:D9C5C0AB436B4386A2A294DC24E5D966", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/I_OWyHUhlnc/microsoft-patch-tuesday-march-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 March 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}