Microsoft Windows Graphics Component CVE-2019-1153 Local Information Disclosure Vulnerability
2019-08-13T00:00:00
ID SMNTC-109524 Type symantec Reporter Symantec Security Response Modified 2019-08-13T00:00:00
Description
Description
Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Technologies Affected
Microsoft Office 2019 for Mac
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 10 Version 1903 for 32-bit Systems
Microsoft Windows 10 Version 1903 for ARM64-based Systems
Microsoft Windows 10 Version 1903 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 1803
Microsoft Windows Server 1903
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-109524", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows Graphics Component CVE-2019-1153 Local Information Disclosure Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Office 2019 for Mac \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-08-13T00:00:00", "modified": "2019-08-13T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/109524", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2019-1153"], "lastseen": "2019-08-22T22:49:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-1153"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1153"]}, {"type": "exploitdb", "idList": ["EDB-ID:47269"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815435", "OPENVAS:1361412562310815436", "OPENVAS:1361412562310815432", "OPENVAS:1361412562310815438", "OPENVAS:1361412562310815439", "OPENVAS:1361412562310815434", "OPENVAS:1361412562310815437", "OPENVAS:1361412562310815433", "OPENVAS:1361412562310815431", "OPENVAS:1361412562310815197"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_AUG_4512508.NASL", "SMB_NT_MS19_AUG_4512497.NASL", "SMB_NT_MS19_AUG_4512516.NASL", "SMB_NT_MS19_AUG_4512518.NASL", "SMB_NT_MS19_AUG_4512507.NASL", "SMB_NT_MS19_AUG_4512517.NASL", "SMB_NT_MS19_AUG_4512506.NASL", "SMB_NT_MS19_AUG_4512476.NASL", "SMB_NT_MS19_AUG_4512488.NASL", "MACOS_MS19_AUG_OFFICE.NASL"]}, {"type": "kaspersky", "idList": ["KLA11697", "KLA11536", "KLA11534"]}, {"type": "talosblog", "idList": ["TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4"]}], "modified": "2019-08-22T22:49:49", "rev": 2}, "score": {"value": 3.2, "vector": "NONE", "modified": "2019-08-22T22:49:49", "rev": 2}, "vulnersScore": 3.2}, "affectedSoftware": [{"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for x64-based Systems SP1"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for 32-bit Systems SP2"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for x64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for x64-based Systems"}, {"name": "Microsoft Office", "operator": "eq", "version": "2019 for Mac"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for 32-bit Systems SP1"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2016"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for ARM64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for ARM64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1703 for 32-bit Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1803"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1709 for ARM64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1903"}, {"name": "Microsoft Windows RT", "operator": "eq", "version": "8.1"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for x64-based Systems SP2"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1607 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for 32-bit Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 for Itanium-based Systems SP2"}, {"name": "Microsoft Windows", "operator": "eq", "version": "8.1 for x64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2019"}, {"name": "Microsoft Windows", "operator": "eq", "version": "7 for x64-based Systems SP1"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for ARM64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2008 R2 for Itanium-based Systems SP1"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2012 R2"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T07:12:48", "description": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1078, CVE-2019-1148.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-08-14T21:15:00", "title": "CVE-2019-1153", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1153"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/a:microsoft:office:2019"], "id": "CVE-2019-1153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1153", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2019-08-15T16:24:18", "description": "", "published": "2019-08-15T00:00:00", "type": "exploitdb", "title": "Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-1153"], "modified": "2019-08-15T00:00:00", "id": "EDB-ID:47269", "href": "https://www.exploit-db.com/exploits/47269", "sourceData": "-----=====[ Background ]=====-----\r\n\r\nThe Microsoft Font Subsetting DLL (fontsub.dll) is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows GDI and Direct2D, and parts of the same code are also found in the t2embed.dll library designed to load and process embedded fonts.\r\n\r\nThe DLL exposes two API functions: CreateFontPackage and MergeFontPackage. We have developed a testing harness which invokes a pseudo-random sequence of such calls with a chosen font file passed as input. This report describes a crash triggered by a malformed font file in the fontsub.dll code through our harness.\r\n\r\n-----=====[ Description ]=====-----\r\n\r\nWe have encountered the following crash in fontsub!FixSbitSubTableFormat1:\r\n\r\n--- cut ---\r\n(e38.4e58): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\nFONTSUB!FixSbitSubTableFormat1+0x76:\r\n00007fff`c08717ce 438b0c1a mov ecx,dword ptr [r10+r11] ds:000001fa`7e952000=????????\r\n\r\n0:000> ? r10\r\nEvaluate expression: 64 = 00000000`00000040\r\n\r\n0:000> ? r11\r\nEvaluate expression: 2175377153984 = 000001fa`7e951fc0\r\n\r\n0:000> !heap -p -a r11\r\n address 000001fa7e951fc0 found in\r\n _DPH_HEAP_ROOT @ 1fa7e871000\r\n in busy allocation ( DPH_HEAP_BLOCK: UserAddr UserSize - VirtAddr VirtSize)\r\n 1fa7e873958: 1fa7e951fc0 40 - 1fa7e951000 2000\r\n 00007fffcf6530df ntdll!RtlDebugAllocateHeap+0x000000000000003f\r\n 00007fffcf60b52c ntdll!RtlpAllocateHeap+0x0000000000077d7c\r\n 00007fffcf59143b ntdll!RtlpAllocateHeapInternal+0x00000000000005cb\r\n 00007fff9b90be42 vrfcore!VfCoreRtlAllocateHeap+0x0000000000000022\r\n 00007fffcca398f0 msvcrt!malloc+0x0000000000000070\r\n 00007fffc086fd1e FONTSUB!Mem_Alloc+0x0000000000000012\r\n 00007fffc08723db FONTSUB!ModSbit+0x000000000000049b\r\n 00007fffc08670aa FONTSUB!CreateDeltaTTFEx+0x0000000000000612\r\n 00007fffc0866a63 FONTSUB!CreateDeltaTTF+0x00000000000002cb\r\n 00007fffc086132a FONTSUB!CreateFontPackage+0x000000000000015a\r\n[...]\r\n \r\n0:000> k\r\n # Child-SP RetAddr Call Site\r\n00 00000006`9dcfd2d0 00007fff`c0871b0e FONTSUB!FixSbitSubTableFormat1+0x76\r\n01 00000006`9dcfd310 00007fff`c0872460 FONTSUB!FixSbitSubTableArray+0x2aa\r\n02 00000006`9dcfd430 00007fff`c08670aa FONTSUB!ModSbit+0x520\r\n03 00000006`9dcfd570 00007fff`c0866a63 FONTSUB!CreateDeltaTTFEx+0x612\r\n04 00000006`9dcfd690 00007fff`c086132a FONTSUB!CreateDeltaTTF+0x2cb\r\n05 00000006`9dcfd7d0 00007ff6`1a8a85d1 FONTSUB!CreateFontPackage+0x15a\r\n[...]\r\n--- cut ---\r\n\r\nThe issue reproduces on a fully updated Windows 10 1709; we haven't tested earlier versions of the system. It could be potentially used to disclose sensitive data from the process address space. It is easiest to reproduce with PageHeap enabled. Attached are 3 proof of concept malformed font files which trigger the crash.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47269.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/47269"}], "mscve": [{"lastseen": "2021-03-18T19:16:18", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1153"], "description": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n\nThe update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.\n", "modified": "2019-08-13T07:00:00", "id": "MS:CVE-2019-1153", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1153", "published": "2019-08-13T07:00:00", "type": "mscve", "title": "Microsoft Graphics Component Information Disclosure Vulnerability", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-06-05T16:27:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1153", "CVE-2019-1201", "CVE-2019-1148", "CVE-2019-1151", "CVE-2019-1149", "CVE-2019-1205"], "description": "This host is missing a critical security\n update for Microsoft Office 2019 on Mac OSX according to Microsoft security\n update August 2019", "modified": "2020-06-04T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815197", "type": "openvas", "title": "Microsoft Office Multiple Vulnerabilities-Aug19 (Mac OS X)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815197\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-1201\", \"CVE-2019-1205\", \"CVE-2019-1148\", \"CVE-2019-1149\",\n \"CVE-2019-1151\", \"CVE-2019-1153\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 11:52:30 +0530 (Wed, 14 Aug 2019)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Multiple Vulnerabilities-Aug19 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update for Microsoft Office 2019 on Mac OSX according to Microsoft security\n update August 2019\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple errors in Microsoft Word software when it fails to properly handle\n objects in memory.\n\n - Multiple errors when the Microsoft Windows Graphics Component improperly\n handles objects in memory.\n\n - Multiple errors when the Windows font library improperly handles specially\n crafted embedded fonts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user and gain access to\n potentially sensitive data.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2019 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to latest version provided by vendor.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/officeupdates/update-history-office-for-mac\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1201\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1205\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1148\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1149\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1151\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nif(!offVer = get_kb_item(\"MS/Office/MacOSX/Ver\")){\n exit(0);\n}\n\nif(offVer =~ \"^16\\.\")\n{\n if(version_in_range(version:offVer, test_version:\"16.17.0\", test_version2:\"16.27\"))\n {\n report = report_fixed_ver(installed_version:offVer, fixed_version:\"Upgrade to latest version provided by vendor\");\n security_message(data:report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1154", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1228", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-0715", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512506.", "modified": "2020-07-17T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815438", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512506)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815438\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-0716\", \"CVE-2019-0720\",\n \"CVE-2019-0723\", \"CVE-2019-0736\", \"CVE-2019-1057\", \"CVE-2019-1078\",\n \"CVE-2019-1133\", \"CVE-2019-1143\", \"CVE-2019-1144\", \"CVE-2019-1145\",\n \"CVE-2019-1146\", \"CVE-2019-1147\", \"CVE-2019-1148\", \"CVE-2019-1149\",\n \"CVE-2019-1150\", \"CVE-2019-1151\", \"CVE-2019-1152\", \"CVE-2019-1153\",\n \"CVE-2019-1154\", \"CVE-2019-1155\", \"CVE-2019-1156\", \"CVE-2019-1157\",\n \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\", \"CVE-2019-1164\",\n \"CVE-2019-1168\", \"CVE-2019-1169\", \"CVE-2019-1177\", \"CVE-2019-1178\",\n \"CVE-2019-1181\", \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1187\",\n \"CVE-2019-1192\", \"CVE-2019-1193\", \"CVE-2019-1194\", \"CVE-2019-1212\",\n \"CVE-2019-1228\", \"CVE-2019-9506\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 10:21:38 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512506)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512506.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist as,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Windows improperly handles objects in memory.\n\n - VBScript engine improperly handles objects in memory.\n\n - The XmlLite runtime (XmlLite.dll) improperly parses XML input.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n - Windows Server DHCP service improperly process specially crafted packets.\n\n - Bluetooth BR/EDR key negotiation vulnerability that exists at the hardware\n specification level of any BR/EDR Bluetooth device.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to crash the host server, execute arbitrary code on the target\n system, obtain information that could be used to try to further compromise\n the affected system and negotiate the offered key length of bluetooth\n connection.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512506\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Urlmon.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19431\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Urlmon.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19431\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T12:52:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1168", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512488", "modified": "2019-12-20T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815439", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512488)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815439\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-0716\", \"CVE-2019-1168\",\n \"CVE-2019-1172\", \"CVE-2019-0718\", \"CVE-2019-0720\", \"CVE-2019-0723\",\n \"CVE-2019-0736\", \"CVE-2019-1177\", \"CVE-2019-1178\", \"CVE-2019-1057\",\n \"CVE-2019-1078\", \"CVE-2019-1180\", \"CVE-2019-1181\", \"CVE-2019-1133\",\n \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1145\", \"CVE-2019-1146\",\n \"CVE-2019-1147\", \"CVE-2019-1192\", \"CVE-2019-1193\", \"CVE-2019-1194\",\n \"CVE-2019-1148\", \"CVE-2019-1149\", \"CVE-2019-1150\", \"CVE-2019-1151\",\n \"CVE-2019-1152\", \"CVE-2019-1206\", \"CVE-2019-1212\", \"CVE-2019-1153\",\n \"CVE-2019-1155\", \"CVE-2019-9506\", \"CVE-2019-1156\", \"CVE-2019-1157\",\n \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\", \"CVE-2019-1164\",\n \"CVE-2019-1143\", \"CVE-2019-1144\", \"CVE-2019-1187\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 10:47:57 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512488)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512488\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to cause a target system to stop responding, run arbitrary code on the client\n machine and obtain information to further compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512488\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Urlmon.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19431\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Urlmon.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19431\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0988", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512497", "modified": "2020-07-17T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815431", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815431", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512497)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815431\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1172\",\n \"CVE-2019-0716\", \"CVE-2019-0718\", \"CVE-2019-0720\", \"CVE-2019-0723\",\n \"CVE-2019-1176\", \"CVE-2019-1177\", \"CVE-2019-0736\", \"CVE-2019-1030\",\n \"CVE-2019-1057\", \"CVE-2019-1178\", \"CVE-2019-1179\", \"CVE-2019-1180\",\n \"CVE-2019-1181\", \"CVE-2019-1078\", \"CVE-2019-1133\", \"CVE-2019-1139\",\n \"CVE-2019-1140\", \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1145\",\n \"CVE-2019-1146\", \"CVE-2019-1147\", \"CVE-2019-1192\", \"CVE-2019-1193\",\n \"CVE-2019-1194\", \"CVE-2019-1148\", \"CVE-2019-1149\", \"CVE-2019-1197\",\n \"CVE-2019-1198\", \"CVE-2019-1150\", \"CVE-2019-1151\", \"CVE-2019-1152\",\n \"CVE-2019-1153\", \"CVE-2019-1155\", \"CVE-2019-9506\", \"CVE-2019-9511\",\n \"CVE-2019-1156\", \"CVE-2019-1157\", \"CVE-2019-9512\", \"CVE-2019-9513\",\n \"CVE-2019-9514\", \"CVE-2019-9518\", \"CVE-2019-1158\", \"CVE-2019-1159\",\n \"CVE-2019-1162\", \"CVE-2019-1163\", \"CVE-2019-1164\", \"CVE-2019-1143\",\n \"CVE-2019-1144\", \"CVE-2019-1186\", \"CVE-2019-1187\", \"CVE-2019-0988\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 08:45:08 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512497)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512497\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows font library improperly handles specially crafted embedded fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine improperly handles objects in memory in Microsoft\n Edge.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, elevate privileges and create a\n denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for x64-based Systems\n\n - Microsoft Windows 10 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512497\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18304\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18304\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512507", "modified": "2020-06-04T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815435", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512507)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815435\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1171\",\n \"CVE-2019-1172\", \"CVE-2019-0716\", \"CVE-2019-0718\", \"CVE-2019-0720\",\n \"CVE-2019-0723\", \"CVE-2019-1176\", \"CVE-2019-1177\", \"CVE-2019-0736\",\n \"CVE-2019-1030\", \"CVE-2019-1057\", \"CVE-2019-1178\", \"CVE-2019-1179\",\n \"CVE-2019-1180\", \"CVE-2019-1078\", \"CVE-2019-1133\", \"CVE-2019-1139\",\n \"CVE-2019-1140\", \"CVE-2019-1181\", \"CVE-2019-1182\", \"CVE-2019-1183\",\n \"CVE-2019-1145\", \"CVE-2019-1146\", \"CVE-2019-1192\", \"CVE-2019-1193\",\n \"CVE-2019-1194\", \"CVE-2019-1147\", \"CVE-2019-1148\", \"CVE-2019-1149\",\n \"CVE-2019-1195\", \"CVE-2019-1196\", \"CVE-2019-1197\", \"CVE-2019-1198\",\n \"CVE-2019-1150\", \"CVE-2019-1151\", \"CVE-2019-1152\", \"CVE-2019-1153\",\n \"CVE-2019-9506\", \"CVE-2019-9511\", \"CVE-2019-1155\", \"CVE-2019-1156\",\n \"CVE-2019-1157\", \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\",\n \"CVE-2019-9518\", \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\",\n \"CVE-2019-1163\", \"CVE-2019-1164\", \"CVE-2019-1143\", \"CVE-2019-1144\",\n \"CVE-2019-1186\", \"CVE-2019-1187\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 09:37:12 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512507)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512507\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - An elevation of privilege exists in SyncController in the HTTP/2\n protocol stack (HTTP)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, obtain information to further\n compromise user's system, elevate privileges and create a denial of service\n condition causing the target system to become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512507\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1987\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1987\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512517", "modified": "2020-07-17T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815432", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512517)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815432\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1172\",\n \"CVE-2019-0716\", \"CVE-2019-0718\", \"CVE-2019-0720\", \"CVE-2019-0723\",\n \"CVE-2019-1176\", \"CVE-2019-1177\", \"CVE-2019-0736\", \"CVE-2019-1030\",\n \"CVE-2019-1057\", \"CVE-2019-1178\", \"CVE-2019-1179\", \"CVE-2019-1180\",\n \"CVE-2019-1181\", \"CVE-2019-1078\", \"CVE-2019-1133\", \"CVE-2019-1139\",\n \"CVE-2019-1140\", \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1145\",\n \"CVE-2019-1146\", \"CVE-2019-1147\", \"CVE-2019-1192\", \"CVE-2019-1193\",\n \"CVE-2019-1194\", \"CVE-2019-1148\", \"CVE-2019-1149\", \"CVE-2019-1195\",\n \"CVE-2019-1197\", \"CVE-2019-1198\", \"CVE-2019-1150\", \"CVE-2019-1151\",\n \"CVE-2019-1152\", \"CVE-2019-1206\", \"CVE-2019-1212\", \"CVE-2019-1153\",\n \"CVE-2019-1155\", \"CVE-2019-9506\", \"CVE-2019-9511\", \"CVE-2019-1156\",\n \"CVE-2019-1157\", \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\",\n \"CVE-2019-9518\", \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\",\n \"CVE-2019-1163\", \"CVE-2019-1164\", \"CVE-2019-1143\", \"CVE-2019-1144\",\n \"CVE-2019-1186\", \"CVE-2019-1187\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 08:51:47 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512517)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512517\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows font library improperly handles specially crafted embedded fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine improperly handles objects in memory in Microsoft\n Edge.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, elevate privileges and create a\n denial of service condition causing the target system to become unresponsive\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512517\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.3142\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.3142\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512516", "modified": "2020-07-17T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815433", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512516)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815433\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1171\",\n \"CVE-2019-1172\", \"CVE-2019-0716\", \"CVE-2019-0718\", \"CVE-2019-0720\",\n \"CVE-2019-0723\", \"CVE-2019-1175\", \"CVE-2019-1176\", \"CVE-2019-1177\",\n \"CVE-2019-0736\", \"CVE-2019-0965\", \"CVE-2019-1030\", \"CVE-2019-1057\",\n \"CVE-2019-1178\", \"CVE-2019-1179\", \"CVE-2019-1180\", \"CVE-2019-1078\",\n \"CVE-2019-1131\", \"CVE-2019-1133\", \"CVE-2019-1139\", \"CVE-2019-1140\",\n \"CVE-2019-1181\", \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1145\",\n \"CVE-2019-1146\", \"CVE-2019-1192\", \"CVE-2019-1193\", \"CVE-2019-1194\",\n \"CVE-2019-1147\", \"CVE-2019-1148\", \"CVE-2019-1149\", \"CVE-2019-1195\",\n \"CVE-2019-1196\", \"CVE-2019-1197\", \"CVE-2019-1198\", \"CVE-2019-1150\",\n \"CVE-2019-1151\", \"CVE-2019-1212\", \"CVE-2019-1152\", \"CVE-2019-1153\",\n \"CVE-2019-9506\", \"CVE-2019-1155\", \"CVE-2019-1156\", \"CVE-2019-1157\",\n \"CVE-2019-9511\", \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\",\n \"CVE-2019-9518\", \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\",\n \"CVE-2019-1163\", \"CVE-2019-1164\", \"CVE-2019-1143\", \"CVE-2019-1144\",\n \"CVE-2019-1186\", \"CVE-2019-1187\", \"CVE-2019-1188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 09:12:59 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512516)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512516\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows DirectX improperly handles objects in memory.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft\n Edge.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, disclose sensitive information,\n elevate privileges and create a denial of service condition causing the target\n system to become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 64-based Systems\n\n - Microsoft Windows 10 Version 1709 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512516\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1330\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1330\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-1226", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1227", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1170", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-1225", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1222", "CVE-2019-1184", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1173", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1174", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1185", "CVE-2019-1162", "CVE-2019-1141", "CVE-2019-1206", "CVE-2019-1223", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1190", "CVE-2019-1149", "CVE-2019-1224", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-0717", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512508", "modified": "2020-06-04T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815434", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512508)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815434\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1164\", \"CVE-2019-1168\",\n \"CVE-2019-1170\", \"CVE-2019-1171\", \"CVE-2019-1172\", \"CVE-2019-0716\",\n \"CVE-2019-0717\", \"CVE-2019-0718\", \"CVE-2019-0723\", \"CVE-2019-1173\",\n \"CVE-2019-1174\", \"CVE-2019-1175\", \"CVE-2019-1176\", \"CVE-2019-1177\",\n \"CVE-2019-0965\", \"CVE-2019-1030\", \"CVE-2019-1057\", \"CVE-2019-1178\",\n \"CVE-2019-1179\", \"CVE-2019-1180\", \"CVE-2019-1078\", \"CVE-2019-1131\",\n \"CVE-2019-1133\", \"CVE-2019-1139\", \"CVE-2019-1181\", \"CVE-2019-1182\",\n \"CVE-2019-1183\", \"CVE-2019-1184\", \"CVE-2019-1145\", \"CVE-2019-1146\",\n \"CVE-2019-1192\", \"CVE-2019-1193\", \"CVE-2019-1147\", \"CVE-2019-1148\",\n \"CVE-2019-1149\", \"CVE-2019-1194\", \"CVE-2019-1195\", \"CVE-2019-1196\",\n \"CVE-2019-1197\", \"CVE-2019-1198\", \"CVE-2019-1150\", \"CVE-2019-1151\",\n \"CVE-2019-1206\", \"CVE-2019-1212\", \"CVE-2019-1222\", \"CVE-2019-1223\",\n \"CVE-2019-1152\", \"CVE-2019-1153\", \"CVE-2019-1224\", \"CVE-2019-1225\",\n \"CVE-2019-1226\", \"CVE-2019-1227\", \"CVE-2019-9506\", \"CVE-2019-1155\",\n \"CVE-2019-1156\", \"CVE-2019-9511\", \"CVE-2019-9512\", \"CVE-2019-9513\",\n \"CVE-2019-9514\", \"CVE-2019-9518\", \"CVE-2019-1157\", \"CVE-2019-1158\",\n \"CVE-2019-1159\", \"CVE-2019-1162\", \"CVE-2019-1163\", \"CVE-2019-1140\",\n \"CVE-2019-1141\", \"CVE-2019-1143\", \"CVE-2019-1144\", \"CVE-2019-1185\",\n \"CVE-2019-1186\", \"CVE-2019-1187\", \"CVE-2019-1188\", \"CVE-2019-1190\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 09:26:41 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512508)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512508\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows RDP server improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the security context of the local system, cause the\n host server to crash, elevate permissions and obtain information to further\n compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for x64-based Systems\n\n - Microsoft Windows 10 Version 1903 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512508\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.18362.0\", test_version2:\"11.0.18362.294\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.18362.0 - 11.0.18362.294\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-1226", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1227", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-1225", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1222", "CVE-2019-1184", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1173", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1223", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-1224", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4512501", "modified": "2020-07-17T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815436", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4512501)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815436\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1171\",\n \"CVE-2019-1172\", \"CVE-2019-0716\", \"CVE-2019-0718\", \"CVE-2019-0720\",\n \"CVE-2019-0723\", \"CVE-2019-1173\", \"CVE-2019-1175\", \"CVE-2019-1176\",\n \"CVE-2019-1177\", \"CVE-2019-0736\", \"CVE-2019-0965\", \"CVE-2019-1030\",\n \"CVE-2019-1057\", \"CVE-2019-1178\", \"CVE-2019-1179\", \"CVE-2019-1180\",\n \"CVE-2019-1078\", \"CVE-2019-1131\", \"CVE-2019-1133\", \"CVE-2019-1139\",\n \"CVE-2019-1140\", \"CVE-2019-1181\", \"CVE-2019-1182\", \"CVE-2019-1183\",\n \"CVE-2019-1184\", \"CVE-2019-1145\", \"CVE-2019-1146\", \"CVE-2019-1192\",\n \"CVE-2019-1193\", \"CVE-2019-1194\", \"CVE-2019-1147\", \"CVE-2019-1148\",\n \"CVE-2019-1149\", \"CVE-2019-1195\", \"CVE-2019-1196\", \"CVE-2019-1197\",\n \"CVE-2019-1198\", \"CVE-2019-1150\", \"CVE-2019-1151\", \"CVE-2019-1206\",\n \"CVE-2019-1212\", \"CVE-2019-1222\", \"CVE-2019-1223\", \"CVE-2019-1152\",\n \"CVE-2019-1153\", \"CVE-2019-1224\", \"CVE-2019-1225\", \"CVE-2019-1226\",\n \"CVE-2019-1227\", \"CVE-2019-9506\", \"CVE-2019-1155\", \"CVE-2019-1156\",\n \"CVE-2019-1157\", \"CVE-2019-9511\", \"CVE-2019-9512\", \"CVE-2019-9513\",\n \"CVE-2019-9514\", \"CVE-2019-9518\", \"CVE-2019-1158\", \"CVE-2019-1159\",\n \"CVE-2019-1162\", \"CVE-2019-1163\", \"CVE-2019-1164\", \"CVE-2019-1143\",\n \"CVE-2019-1144\", \"CVE-2019-1186\", \"CVE-2019-1187\", \"CVE-2019-1188\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 09:46:01 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4512501)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4512501\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows DirectX improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Windows RDP server improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, obtain information to further\n compromise user's system, elevate privileges and create a denial of service\n condition causing the target system to become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for x64-based Systems\n\n - Microsoft Windows 10 Version 1803 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4512501\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.949\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.949\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-1226", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1227", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1170", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-1225", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1222", "CVE-2019-1184", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1173", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1174", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1141", "CVE-2019-1206", "CVE-2019-1223", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1190", "CVE-2019-1149", "CVE-2019-1224", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-0717", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "This host is missing a critical security\n update according to Microsoft KB4511553", "modified": "2020-06-04T00:00:00", "published": "2019-08-14T00:00:00", "id": "OPENVAS:1361412562310815437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815437", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4511553)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815437\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0714\", \"CVE-2019-0715\", \"CVE-2019-1168\", \"CVE-2019-1170\",\n \"CVE-2019-1171\", \"CVE-2019-1172\", \"CVE-2019-0716\", \"CVE-2019-0717\",\n \"CVE-2019-0718\", \"CVE-2019-0720\", \"CVE-2019-0723\", \"CVE-2019-1173\",\n \"CVE-2019-1174\", \"CVE-2019-1175\", \"CVE-2019-1176\", \"CVE-2019-1177\",\n \"CVE-2019-0965\", \"CVE-2019-1030\", \"CVE-2019-1057\", \"CVE-2019-1178\",\n \"CVE-2019-1179\", \"CVE-2019-1180\", \"CVE-2019-1078\", \"CVE-2019-1131\",\n \"CVE-2019-1133\", \"CVE-2019-1139\", \"CVE-2019-1140\", \"CVE-2019-1181\",\n \"CVE-2019-1182\", \"CVE-2019-1183\", \"CVE-2019-1184\", \"CVE-2019-1145\",\n \"CVE-2019-1146\", \"CVE-2019-1192\", \"CVE-2019-1193\", \"CVE-2019-1194\",\n \"CVE-2019-1147\", \"CVE-2019-1148\", \"CVE-2019-1149\", \"CVE-2019-1195\",\n \"CVE-2019-1196\", \"CVE-2019-1197\", \"CVE-2019-1198\", \"CVE-2019-1150\",\n \"CVE-2019-1151\", \"CVE-2019-1206\", \"CVE-2019-1212\", \"CVE-2019-1222\",\n \"CVE-2019-1223\", \"CVE-2019-1152\", \"CVE-2019-1153\", \"CVE-2019-1224\",\n \"CVE-2019-1225\", \"CVE-2019-1226\", \"CVE-2019-1227\", \"CVE-2019-9506\",\n \"CVE-2019-1155\", \"CVE-2019-1156\", \"CVE-2019-1157\", \"CVE-2019-9511\",\n \"CVE-2019-9512\", \"CVE-2019-9513\", \"CVE-2019-9514\", \"CVE-2019-9518\",\n \"CVE-2019-1158\", \"CVE-2019-1159\", \"CVE-2019-1162\", \"CVE-2019-1163\",\n \"CVE-2019-1164\", \"CVE-2019-1141\", \"CVE-2019-1143\", \"CVE-2019-1144\",\n \"CVE-2019-1186\", \"CVE-2019-1187\", \"CVE-2019-1188\", \"CVE-2019-1190\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-14 09:56:24 +0530 (Wed, 14 Aug 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4511553)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4511553\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows improperly handles calls to Advanced Local Procedure Call (ALPC).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - The Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows RDP server improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, obtain information to further compromise\n a user's system, elevate permissions and create a denial of service condition\n causing the target system to become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\n\n - Microsoft Windows 10 Version 1809 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4511553\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.677\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.677\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T03:38:11", "description": "The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in Microsoft Word due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute\n arbitrary commands in the security context of the current user. (CVE-2019-1201, CVE-2019-1205)\n\n - An information disclosure vulnerability exists in Microsoft Windows Graphics due to improper handling of objects in\n memory. An authenticated, local attacker can exploit this, by running a specially crafted application to obtain\n information for further compromise of the system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Windows font library due to improper handling of embedded fonts. An\n unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or\n open a specially crafted file, to execute arbitrary commands. (CVE-2019-1149, CVE-2019-1151)", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-14T00:00:00", "title": "Security Update for Microsoft Office (August 2019) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1153", "CVE-2019-1201", "CVE-2019-1148", "CVE-2019-1151", "CVE-2019-1149", "CVE-2019-1205"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:microsoft:word", "cpe:/a:microsoft:onenote", "cpe:/a:microsoft:powerpoint", "cpe:/a:microsoft:outlook", "cpe:/a:microsoft:office", "cpe:/a:microsoft:excel", "cpe:/o:apple:mac_os_x"], "id": "MACOS_MS19_AUG_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/127894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127894);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/17 14:31:04\");\n\n script_cve_id(\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1151\",\n \"CVE-2019-1153\",\n \"CVE-2019-1201\",\n \"CVE-2019-1205\"\n );\n\n script_name(english:\"Security Update for Microsoft Office (August 2019) (macOS)\");\n script_summary(english:\"Checks the version of Microsoft Office.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in Microsoft Word due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute\n arbitrary commands in the security context of the current user. (CVE-2019-1201, CVE-2019-1205)\n\n - An information disclosure vulnerability exists in Microsoft Windows Graphics due to improper handling of objects in\n memory. An authenticated, local attacker can exploit this, by running a specially crafted application to obtain\n information for further compromise of the system. (CVE-2019-1148, CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Windows font library due to improper handling of embedded fonts. An\n unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or\n open a specially crafted file, to execute arbitrary commands. (CVE-2019-1149, CVE-2019-1151)\");\n # https://docs.microsoft.com/en-us/officeupdates/release-notes-office-2016-mac#august-2019-release\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a62a6d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:outlook\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:onenote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Microsoft Word\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\", \"installed_sw/Microsoft Outlook\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"vcf.inc\");\n\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\napps = make_list(\n 'Microsoft Word',\n 'Microsoft Excel',\n 'Microsoft PowerPoint',\n 'Microsoft OneNote',\n 'Microsoft Outlook'\n);\nreport = '';\n\n#2016\nmin_ver_16 = '16';\nfix_ver_16 = '16.16.13';\nfix_disp_16 = '16.16.13 (19081100)';\n\n#2019\nmin_ver_19 = '16.17.0';\nfix_ver_19 = '16.28';\nfix_disp_19 = '16.28 (19081202)';\n\nforeach app (apps)\n{\n installs = get_installs(app_name:app);\n if (isnull(installs[1]))\n continue;\n\n foreach install (installs[1])\n {\n version = install['version'];\n\n if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)\n {\n app_label = app + ' for Mac 2019';\n report +=\n '\\n\\n Product : ' + app_label +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix_disp_19;\n }\n else if (ver_compare(ver:version, minver:min_ver_16, fix:fix_ver_16, strict:FALSE) < 0)\n {\n app_label = app + ' for Mac 2016';\n report +=\n '\\n\\n Product : ' + app_label +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix_disp_16;\n }\n }\n}\nif (empty(report))\n audit(AUDIT_HOST_NOT, \"affected\");\n\nif (os =~ \"^Mac OS X 10\\.[0-9](\\.|$)\")\n report += '\\n Note : Update will require Mac OS X 10.10.0 or later.\\n';\n\nsecurity_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:18:43", "description": "The remote Windows host is missing security update 4512491\nor cumulative update 4512476. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1154, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1169)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1228)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-1213)", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512491: Windows Server 2008 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1213", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1154", "CVE-2019-1144", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1228", "CVE-2019-1187", "CVE-2019-0715", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_AUG_4512476.NASL", "href": "https://www.tenable.com/plugins/nessus/127842", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127842);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/17 14:31:05\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0720\",\n \"CVE-2019-0736\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1154\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1169\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1183\",\n \"CVE-2019-1187\",\n \"CVE-2019-1194\",\n \"CVE-2019-1212\",\n \"CVE-2019-1213\",\n \"CVE-2019-1228\"\n );\n script_xref(name:\"MSKB\", value:\"4512476\");\n script_xref(name:\"MSKB\", value:\"4512491\");\n script_xref(name:\"MSFT\", value:\"MS19-4512476\");\n script_xref(name:\"MSFT\", value:\"MS19-4512491\");\n\n script_name(english:\"KB4512491: Windows Server 2008 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512491\nor cumulative update 4512476. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1154, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1169)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1228)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-1213)\");\n # https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa319ae7\");\n # https://support.microsoft.com/en-us/help/4512476/windows-server-2008-update-kb4512476\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?127b7a44\");\n # https://support.microsoft.com/en-us/help/4512491/windows-server-2008-update-kb4512491\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5f68421\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4512491 or Cumulative Update KB4512476.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512491', '4512476');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512491, 4512476])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:18:49", "description": "The remote Windows host is missing security update 4512486\nor cumulative update 4512506. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1154, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1169)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0723)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1228)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512486: Windows 7 and Windows Server 2008 R2 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1154", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1228", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-0715", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_AUG_4512506.NASL", "href": "https://www.tenable.com/plugins/nessus/127846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127846);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/24 11:01:34\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1154\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1169\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1212\",\n \"CVE-2019-1228\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"MSKB\", value:\"4512506\");\n script_xref(name:\"MSKB\", value:\"4512486\");\n script_xref(name:\"MSFT\", value:\"MS19-4512506\");\n script_xref(name:\"MSFT\", value:\"MS19-4512486\");\n\n script_name(english:\"KB4512486: Windows 7 and Windows Server 2008 R2 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512486\nor cumulative update 4512506. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1154, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1169)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0723)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1228)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512506/windows-7-update-kb4512506\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7972a29\");\n # https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa319ae7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4512486 or Cumulative Update KB4512506.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512506', '4512486');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512506, 4512486])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:18:55", "description": "The remote Windows host is missing security update 4512482\nor cumulative update 4512518. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512482: Windows Server 2012 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1168", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_AUG_4512518.NASL", "href": "https://www.tenable.com/plugins/nessus/127851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127851);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/24 11:01:34\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1206\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"MSKB\", value:\"4512518\");\n script_xref(name:\"MSKB\", value:\"4512482\");\n script_xref(name:\"MSFT\", value:\"MS19-4512518\");\n script_xref(name:\"MSFT\", value:\"MS19-4512482\");\n\n script_name(english:\"KB4512482: Windows Server 2012 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512482\nor cumulative update 4512518. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512518/windows-server-2012-update-kb4512518\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5235a5d1\");\n # https://support.microsoft.com/en-us/help/4512482/windows-server-2012-update-kb4512482\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?262ad9a7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4512482 or Cumulative Update KB4512518.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512518', '4512482');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512518, 4512482])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:50", "description": "The remote Windows host is missing security update 4512489\nor cumulative update 4512488. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 10, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512489: Windows 8.1 and Windows Server 2012 R2 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1168", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_AUG_4512488.NASL", "href": "https://www.tenable.com/plugins/nessus/127843", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127843);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/29\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1172\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1206\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\"\n );\n script_xref(name:\"MSKB\", value:\"4512489\");\n script_xref(name:\"MSKB\", value:\"4512488\");\n script_xref(name:\"MSFT\", value:\"MS19-4512489\");\n script_xref(name:\"MSFT\", value:\"MS19-4512488\");\n\n script_name(english:\"KB4512489: Windows 8.1 and Windows Server 2012 R2 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512489\nor cumulative update 4512488. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512489/windows-8-1-update-kb4512489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c858a23\");\n # https://support.microsoft.com/en-us/help/4512488/windows-8-1-update-kb4512488\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fc7ed0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4512489 or Cumulative Update KB4512488.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512488', '4512489');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512488, 4512489])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:50", "description": "The remote Windows host is missing security update 4512497.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1197)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512497: Windows 10 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512497.NASL", "href": "https://www.tenable.com/plugins/nessus/127844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127844);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512497\");\n script_xref(name:\"MSFT\", value:\"MS19-4512497\");\n\n script_name(english:\"KB4512497: Windows 10 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512497.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1197)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512497/windows-10-update-kb4512497\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44d01258\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4512497.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512497');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512497])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:52", "description": "The remote Windows host is missing security update 4512507.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512507: Windows 10 Version 1703 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512507.NASL", "href": "https://www.tenable.com/plugins/nessus/127847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127847);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512507\");\n script_xref(name:\"MSFT\", value:\"MS19-4512507\");\n\n script_name(english:\"KB4512507: Windows 10 Version 1703 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512507.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1196, CVE-2019-1197)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512507/windows-10-update-kb4512507\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?88ec0338\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4512507.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512507');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512507])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:55", "description": "The remote Windows host is missing security update 4512517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1197)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512517.NASL", "href": "https://www.tenable.com/plugins/nessus/127850", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127850);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1172\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1206\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512517\");\n script_xref(name:\"MSFT\", value:\"MS19-4512517\");\n\n script_name(english:\"KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1139, CVE-2019-1140,\n CVE-2019-1195, CVE-2019-1197)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could cause\n the DHCP service to become nonresponsive.\n (CVE-2019-1206)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\");\n # https://support.microsoft.com/en-us/help/4512517/windows-10-update-kb4512517\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a3721c7\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4512517.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512517');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512517])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:54", "description": "The remote Windows host is missing security update 4512516.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512516: Windows 10 Version 1709 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512516.NASL", "href": "https://www.tenable.com/plugins/nessus/127849", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127849);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1212\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512516\");\n script_xref(name:\"MSFT\", value:\"MS19-4512516\");\n\n script_name(english:\"KB4512516: Windows 10 Version 1709 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512516.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\");\n # https://support.microsoft.com/en-us/help/4512516/windows-10-update-kb4512516\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7cadca2\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4512516.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512516');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512516])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:31:51", "description": "The remote Windows host is missing security update 4512501.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the\n Windows RDP server improperly discloses the contents of\n its memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1227)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182,\n CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists in the\n way that the PsmServiceExtHost.dll handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1173)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when\n Windows Core Shell COM Server Registrar improperly\n handles COM calls. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)", "edition": 10, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-13T00:00:00", "title": "KB4512501: Windows 10 Version 1803 August 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1195", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-1226", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1192", "CVE-2019-1175", "CVE-2019-1140", "CVE-2019-1227", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-1139", "CVE-2019-9511", "CVE-2019-1225", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1222", "CVE-2019-1184", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-1197", "CVE-2019-1030", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1173", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1193", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-1131", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1223", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-1196", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-1224", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "modified": "2019-08-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_AUG_4512501.NASL", "href": "https://www.tenable.com/plugins/nessus/127845", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127845);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2019-0714\",\n \"CVE-2019-0715\",\n \"CVE-2019-0716\",\n \"CVE-2019-0718\",\n \"CVE-2019-0720\",\n \"CVE-2019-0723\",\n \"CVE-2019-0736\",\n \"CVE-2019-0965\",\n \"CVE-2019-1030\",\n \"CVE-2019-1057\",\n \"CVE-2019-1078\",\n \"CVE-2019-1131\",\n \"CVE-2019-1133\",\n \"CVE-2019-1139\",\n \"CVE-2019-1140\",\n \"CVE-2019-1143\",\n \"CVE-2019-1144\",\n \"CVE-2019-1145\",\n \"CVE-2019-1146\",\n \"CVE-2019-1147\",\n \"CVE-2019-1148\",\n \"CVE-2019-1149\",\n \"CVE-2019-1150\",\n \"CVE-2019-1151\",\n \"CVE-2019-1152\",\n \"CVE-2019-1153\",\n \"CVE-2019-1155\",\n \"CVE-2019-1156\",\n \"CVE-2019-1157\",\n \"CVE-2019-1158\",\n \"CVE-2019-1159\",\n \"CVE-2019-1162\",\n \"CVE-2019-1163\",\n \"CVE-2019-1164\",\n \"CVE-2019-1168\",\n \"CVE-2019-1171\",\n \"CVE-2019-1172\",\n \"CVE-2019-1173\",\n \"CVE-2019-1175\",\n \"CVE-2019-1176\",\n \"CVE-2019-1177\",\n \"CVE-2019-1178\",\n \"CVE-2019-1179\",\n \"CVE-2019-1180\",\n \"CVE-2019-1181\",\n \"CVE-2019-1182\",\n \"CVE-2019-1183\",\n \"CVE-2019-1184\",\n \"CVE-2019-1186\",\n \"CVE-2019-1187\",\n \"CVE-2019-1188\",\n \"CVE-2019-1192\",\n \"CVE-2019-1193\",\n \"CVE-2019-1194\",\n \"CVE-2019-1195\",\n \"CVE-2019-1196\",\n \"CVE-2019-1197\",\n \"CVE-2019-1198\",\n \"CVE-2019-1212\",\n \"CVE-2019-1222\",\n \"CVE-2019-1223\",\n \"CVE-2019-1224\",\n \"CVE-2019-1225\",\n \"CVE-2019-1226\",\n \"CVE-2019-1227\",\n \"CVE-2019-9506\",\n \"CVE-2019-9511\",\n \"CVE-2019-9512\",\n \"CVE-2019-9513\",\n \"CVE-2019-9514\",\n \"CVE-2019-9518\"\n );\n script_xref(name:\"MSKB\", value:\"4512501\");\n script_xref(name:\"MSFT\", value:\"MS19-4512501\");\n\n script_name(english:\"KB4512501: Windows 10 Version 1803 August 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4512501.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles calls to Advanced Local\n Procedure Call (ALPC). An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n the security context of the local system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1162)\n\n - A security feature bypass vulnerability exists when\n Microsoft browsers improperly handle requests of\n different origins. The vulnerability allows Microsoft\n browsers to bypass Same-Origin Policy (SOP)\n restrictions, and to allow requests that should\n otherwise be ignored. An attacker who successfully\n exploited the vulnerability could force the browser to\n send data that would otherwise be restricted.\n (CVE-2019-1192)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1133, CVE-2019-1194)\n\n - A denial of service vulnerability exists when the\n XmlLite runtime (XmlLite.dll) improperly parses XML\n input. An attacker who successfully exploited this\n vulnerability could cause a denial of service against an\n XML application. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted\n requests to an XML application. The update addresses the\n vulnerability by correcting how the XmlLite runtime\n parses XML input. (CVE-2019-1187)\n\n - An elevation of privilege vulnerability exists when\n DirectX improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could run arbitrary code in kernel mode. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2019-1176)\n\n - An information disclosure vulnerability exists when the\n Windows RDP server improperly discloses the contents of\n its memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the system. (CVE-2019-1224, CVE-2019-1225)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1146, CVE-2019-1147, CVE-2019-1155,\n CVE-2019-1156, CVE-2019-1157)\n\n - A denial of service vulnerability exists in the HTTP/2\n protocol stack (HTTP.sys) when HTTP.sys improperly\n parses specially crafted HTTP/2 requests. An attacker\n who successfully exploited the vulnerability could\n create a denial of service condition, causing the target\n system to become unresponsive. (CVE-2019-9511,\n CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,\n CVE-2019-9518)\n\n - <h1>Executive Summary</h1> Microsoft is aware of the\n Bluetooth BR/EDR (basic rate/enhanced data rate, known\n as "Bluetooth Classic") key negotiation\n vulnerability that exists at the hardware specification\n level of any BR/EDR Bluetooth device. An attacker could\n potentially be able to negotiate the offered key length\n down to 1 byte of entropy, from a maximum of 16 bytes.\n (CVE-2019-9506)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1223)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1227)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows that could allow remote code execution\n if a .LNK file is processed. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. (CVE-2019-1188)\n\n - An elevation of privilege exists in the p2pimsvc service\n where an attacker who successfully exploited the\n vulnerability could run arbitrary code with elevated\n privileges. (CVE-2019-1168)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0965)\n\n - An information disclosure vulnerability exists when the\n Windows Graphics component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. An authenticated attacker\n could exploit this vulnerability by running a specially\n crafted application. The update addresses the\n vulnerability by correcting how the Windows Graphics\n Component handles objects in memory. (CVE-2019-1078)\n\n - An elevation of privilege vulnerability exists in the\n way that the wcmsvc.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1180, CVE-2019-1186)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1131, CVE-2019-1139,\n CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,\n CVE-2019-1197)\n\n - An elevation of privilege vulnerability exists in the\n way that the psmsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1175)\n\n - An information disclosure vulnerability exists in\n SymCrypt during the OAEP decryption stage. An attacker\n who successfully exploited this vulnerability could\n obtain information to further compromise the users\n system. (CVE-2019-1171)\n\n - An elevation of privilege exists in SyncController.dll.\n An attacker who successfully exploited the vulnerability\n could run arbitrary code with elevated privileges.\n (CVE-2019-1198)\n\n - An elevation of privilege vulnerability exists in the\n way that the ssdpsrv.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1178)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited the vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1144,\n CVE-2019-1145, CVE-2019-1149, CVE-2019-1150,\n CVE-2019-1151, CVE-2019-1152)\n\n - A security feature bypass exists when Windows\n incorrectly validates CAB file signatures. An attacker\n who successfully exploited this vulnerability could\n inject code into a CAB file without invalidating the\n file's signature. (CVE-2019-1163)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1159, CVE-2019-1164)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1183)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0720)\n\n - A memory corruption vulnerability exists in the Windows\n DHCP client when an attacker sends specially crafted\n DHCP responses to a client. An attacker who successfully\n exploited the vulnerability could run arbitrary code on\n the client machine. (CVE-2019-0736)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1148,\n CVE-2019-1153)\n\n - A remote code execution vulnerability exists in Remote\n Desktop Services formerly known as Terminal Services\n when an unauthenticated attacker connects to the target\n system using RDP and sends specially crafted requests.\n This vulnerability is pre-authentication and requires no\n user interaction. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n target system. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1181, CVE-2019-1182,\n CVE-2019-1222, CVE-2019-1226)\n\n - An elevation of privilege vulnerability exists in the\n way that the rpcss.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1177)\n\n - An elevation of privilege vulnerability exists in the\n way that the PsmServiceExtHost.dll handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2019-1173)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1193)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1030)\n\n - An information disclosure vulnerability exists in Azure\n Active Directory (AAD) Microsoft Account (MSA) during\n the login request session. An attacker who successfully\n exploited the vulnerability could take over a user's\n account. (CVE-2019-1172)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0714, CVE-2019-0715, CVE-2019-0718,\n CVE-2019-0723)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-0716)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise a users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n the Windows GDI component handles objects in memory.\n (CVE-2019-1143, CVE-2019-1158)\n\n - An elevation of privilege vulnerability exists when\n Windows Core Shell COM Server Registrar improperly\n handles COM calls. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2019-1184)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when processing specially crafted\n packets. An attacker who successfully exploited the\n vulnerability could cause the DHCP server service to\n stop responding. (CVE-2019-1212)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1057)\n\n - An elevation of privilege vulnerability exists in the\n way that the unistore.dll handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1179)\");\n # https://support.microsoft.com/en-us/help/4512501/august-13-2019-kb4512501-os-build-17134-942\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39c6baa6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4512501.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1181\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-08\";\nkbs = make_list('4512501');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"08_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4512501])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:44:25", "bulletinFamily": "info", "cvelist": ["CVE-2019-1218", "CVE-2019-1153", "CVE-2019-1200", "CVE-2019-1199", "CVE-2019-1201", "CVE-2019-1148", "CVE-2019-1202", "CVE-2019-1151", "CVE-2019-1204", "CVE-2019-1203", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-1205"], "description": "### *Detect date*:\n08/13/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, gain privileges, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft SharePoint Server 2019 \nOutlook for iOS \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2019 for Mac \nMicrosoft Office Online Server \nOffice 365 ProPlus for 32-bit Systems \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft Office 2016 for Mac \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Outlook 2016 (64-bit edition) \nMicrosoft Outlook 2013 Service Pack 1 (32-bit editions) \nMicrosoft Outlook 2016 (32-bit edition) \nMicrosoft Outlook 2010 Service Pack 2 (64-bit editions) \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Outlook 2013 Service Pack 1 (64-bit editions) \nMicrosoft Outlook 2010 Service Pack 2 (32-bit editions) \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nWindows Server 2012 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2016 \nWindows 8.1 for x64-based systems \nWindows 10 Version 1709 for 64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2012 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2019 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Word 2010 Service Pack 2 (32-bit editions) \nMicrosoft Word 2013 Service Pack 1 (32-bit editions) \nMicrosoft Word 2013 Service Pack 1 (64-bit editions) \nMicrosoft Word 2016 (32-bit edition) \nMicrosoft Word 2016 (64-bit edition) \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft Word 2013 RT Service Pack 1 \nMicrosoft Word 2010 Service Pack 2 (64-bit editions)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1203](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1203>) \n[CVE-2019-1218](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218>) \n[CVE-2019-1205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1205>) \n[CVE-2019-1204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204>) \n[CVE-2019-1199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199>) \n[CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>) \n[CVE-2019-1202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202>) \n[CVE-2019-1153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153>) \n[CVE-2019-1155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1155>) \n[CVE-2019-1201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201>) \n[CVE-2019-1149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1149>) \n[CVE-2019-1148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148>) \n[CVE-2019-1151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1151>) \n[ADV190014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190014>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2019-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1153>)0.0Unknown \n[CVE-2019-1151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1151>)0.0Unknown \n[CVE-2019-1148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1148>)0.0Unknown \n[CVE-2019-1155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1155>)0.0Unknown \n[CVE-2019-1149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1149>)0.0Unknown \n[CVE-2019-1203](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1203>)0.0Unknown \n[CVE-2019-1218](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1218>)0.0Unknown \n[CVE-2019-1205](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1205>)0.0Unknown \n[CVE-2019-1204](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1204>)0.0Unknown \n[CVE-2019-1199](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1199>)0.0Unknown \n[CVE-2019-1200](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1200>)0.0Unknown \n[CVE-2019-1202](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1202>)0.0Unknown \n[CVE-2019-1201](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1201>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4475506](<http://support.microsoft.com/kb/4475506>) \n[4475538](<http://support.microsoft.com/kb/4475538>) \n[4464599](<http://support.microsoft.com/kb/4464599>) \n[4475555](<http://support.microsoft.com/kb/4475555>) \n[4475549](<http://support.microsoft.com/kb/4475549>) \n[4475557](<http://support.microsoft.com/kb/4475557>) \n[4475528](<http://support.microsoft.com/kb/4475528>) \n[4475563](<http://support.microsoft.com/kb/4475563>) \n[4475573](<http://support.microsoft.com/kb/4475573>) \n[4475553](<http://support.microsoft.com/kb/4475553>) \n[4475565](<http://support.microsoft.com/kb/4475565>) \n[4475575](<http://support.microsoft.com/kb/4475575>) \n[4475530](<http://support.microsoft.com/kb/4475530>) \n[4475540](<http://support.microsoft.com/kb/4475540>) \n[4475547](<http://support.microsoft.com/kb/4475547>) \n[4462137](<http://support.microsoft.com/kb/4462137>) \n[4475531](<http://support.microsoft.com/kb/4475531>) \n[4462216](<http://support.microsoft.com/kb/4462216>) \n[4475534](<http://support.microsoft.com/kb/4475534>) \n[4475533](<http://support.microsoft.com/kb/4475533>)", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-08-13T00:00:00", "id": "KLA11536", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11536", "title": "\r KLA11536Multiple vulnerabilities in Microsoft Office ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:54:59", "bulletinFamily": "info", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1213", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1212", "CVE-2019-1133", "CVE-2019-1158", "CVE-2019-1154", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-1182", "CVE-2019-1148", "CVE-2019-0714", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1194", "CVE-2019-0716", "CVE-2019-1152", "CVE-2019-1228", "CVE-2019-1187", "CVE-2019-0715", "CVE-2019-1147", "CVE-2019-1162", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1155", "CVE-2019-1149", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-1159"], "description": "### *Detect date*:\n08/13/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerability was found in Microsoft Extended Security Updates. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface, gain privileges.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOffice 365 ProPlus for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 8.1 for x64-based systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1709 for 32-bit Systems \nMicrosoft Office 2016 (64-bit edition) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows RT 8.1 \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nWindows 10 for 32-bit Systems \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nWindows 10 Version 1803 for 32-bit Systems \nMicrosoft Office 2013 RT Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nInternet Explorer 10 \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server, version 1803 (Server Core Installation) \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2016 (32-bit edition) \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2012 \nInternet Explorer 9 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1903 for 32-bit Systems \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nWindows 10 Version 1709 for x64-based Systems \nMicrosoft Office 2019 for 32-bit editions \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1903 for ARM64-based Systems \nInternet Explorer 11 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 for x64-based Systems \nMicrosoft Office 2019 for 64-bit editions \nWindows Server 2008 for 32-bit Systems Service Pack 2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0716>) \n[CVE-2019-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0715>) \n[CVE-2019-0714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0714>) \n[CVE-2019-0736](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0736>) \n[CVE-2019-1145](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1145>) \n[CVE-2019-1162](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1162>) \n[CVE-2019-1147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1147>) \n[CVE-2019-1212](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1212>) \n[CVE-2019-1143](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1143>) \n[CVE-2019-1164](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1164>) \n[CVE-2019-1169](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1169>) \n[CVE-2019-1168](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1168>) \n[CVE-2019-1149](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1149>) \n[CVE-2019-1148](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1148>) \n[CVE-2019-1181](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1181>) \n[CVE-2019-1182](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1182>) \n[CVE-2019-1187](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1187>) \n[CVE-2019-9506](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9506>) \n[CVE-2019-1228](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1228>) \n[CVE-2019-1133](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1133>) \n[CVE-2019-1178](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1178>) \n[CVE-2019-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0723>) \n[CVE-2019-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0720>) \n[CVE-2019-1177](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1177>) \n[CVE-2019-1156](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1156>) \n[CVE-2019-1157](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1157>) \n[CVE-2019-1154](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1154>) \n[CVE-2019-1155](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1155>) \n[CVE-2019-1057](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1057>) \n[CVE-2019-1153](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1153>) \n[CVE-2019-1150](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1150>) \n[CVE-2019-1151](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1151>) \n[CVE-2019-1078](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1078>) \n[CVE-2019-1158](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1158>) \n[CVE-2019-1159](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1159>) \n[CVE-2019-1194](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1194>) \n[CVE-2019-1144](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1144>) \n[CVE-2019-1213](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1213>) \n[CVE-2019-1146](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1146>) \n[CVE-2019-1152](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1152>) \n[ADV190023](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV190023>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-1194](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1194>)0.0Unknown \n[CVE-2019-1133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1133>)0.0Unknown \n[CVE-2019-1143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1143>)0.0Unknown \n[CVE-2019-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0720>)0.0Unknown \n[CVE-2019-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0715>)0.0Unknown \n[CVE-2019-0716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0716>)0.0Unknown \n[CVE-2019-1144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1144>)0.0Unknown \n[CVE-2019-9506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506>)0.0Unknown \n[CVE-2019-1154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1154>)0.0Unknown \n[CVE-2019-1177](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1177>)0.0Unknown \n[CVE-2019-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1153>)0.0Unknown \n[CVE-2019-1147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1147>)0.0Unknown \n[CVE-2019-1078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1078>)0.0Unknown \n[CVE-2019-0714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0714>)0.0Unknown \n[CVE-2019-1169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1169>)0.0Unknown \n[CVE-2019-1145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1145>)0.0Unknown \n[CVE-2019-1187](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1187>)0.0Unknown \n[CVE-2019-1151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1151>)0.0Unknown \n[CVE-2019-1146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1146>)0.0Unknown \n[CVE-2019-1148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1148>)0.0Unknown \n[CVE-2019-1178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1178>)0.0Unknown \n[CVE-2019-1181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1181>)0.0Unknown \n[CVE-2019-1157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1157>)0.0Unknown \n[CVE-2019-1213](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1213>)0.0Unknown \n[CVE-2019-1155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1155>)0.0Unknown \n[CVE-2019-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0723>)0.0Unknown \n[CVE-2019-1149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1149>)0.0Unknown \n[CVE-2019-1159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1159>)0.0Unknown \n[CVE-2019-1212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1212>)0.0Unknown \n[CVE-2019-1162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1162>)0.0Unknown \n[CVE-2019-1150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1150>)0.0Unknown \n[CVE-2019-1164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1164>)0.0Unknown \n[CVE-2019-1152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1152>)0.0Unknown \n[CVE-2019-1158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1158>)0.0Unknown \n[CVE-2019-1156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1156>)0.0Unknown \n[CVE-2019-1228](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1228>)0.0Unknown \n[CVE-2019-1182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1182>)0.0Unknown \n[CVE-2019-1057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1057>)0.0Unknown \n[CVE-2019-0736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0736>)0.0Unknown \n[CVE-2019-1168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1168>)0.0Unknown\n\n### *KB list*:\n[4512506](<http://support.microsoft.com/kb/4512506>) \n[4511872](<http://support.microsoft.com/kb/4511872>) \n[4512476](<http://support.microsoft.com/kb/4512476>) \n[4512486](<http://support.microsoft.com/kb/4512486>) \n[4512491](<http://support.microsoft.com/kb/4512491>) \n[4541506](<http://support.microsoft.com/kb/4541506>) \n[4540688](<http://support.microsoft.com/kb/4540688>) \n[4541504](<http://support.microsoft.com/kb/4541504>) \n[4541500](<http://support.microsoft.com/kb/4541500>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2019-08-13T00:00:00", "id": "KLA11697", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11697", "title": "\r KLA11697Multiple vulnerabilities in Microsoft products (ESU) ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:59:39", "bulletinFamily": "info", "cvelist": ["CVE-2019-1157", "CVE-2019-1078", "CVE-2019-1057", "CVE-2019-1146", "CVE-2019-1145", "CVE-2019-1177", "CVE-2019-1198", "CVE-2019-1164", "CVE-2019-1156", "CVE-2019-0720", "CVE-2019-1226", "CVE-2019-0723", "CVE-2019-1153", "CVE-2019-1163", "CVE-2019-1179", "CVE-2019-1188", "CVE-2019-1212", "CVE-2019-1171", "CVE-2019-1158", "CVE-2019-1175", "CVE-2019-1227", "CVE-2019-1144", "CVE-2019-9506", "CVE-2019-9512", "CVE-2019-1182", "CVE-2019-1170", "CVE-2019-1148", "CVE-2019-9511", "CVE-2019-1225", "CVE-2019-0714", "CVE-2019-9518", "CVE-2019-1150", "CVE-2019-1222", "CVE-2019-1184", "CVE-2019-1151", "CVE-2019-0718", "CVE-2019-0716", "CVE-2019-1173", "CVE-2019-0965", "CVE-2019-1152", "CVE-2019-9513", "CVE-2019-1174", "CVE-2019-1187", "CVE-2019-1180", "CVE-2019-0715", "CVE-2019-1172", "CVE-2019-1147", "CVE-2019-1185", "CVE-2019-1162", "CVE-2019-1206", "CVE-2019-1223", "CVE-2019-1176", "CVE-2019-1168", "CVE-2019-9514", "CVE-2019-1155", "CVE-2019-1190", "CVE-2019-1149", "CVE-2019-1224", "CVE-2019-0736", "CVE-2019-1181", "CVE-2019-1143", "CVE-2019-1178", "CVE-2019-0717", "CVE-2019-1159", "CVE-2019-1186", "CVE-2019-1183"], "description": "### *Detect date*:\n08/13/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1903 for 32-bit Systems \nWindows RT 8.1 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1803 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2016 \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 7 for x64-based Systems Service Pack 1 \nMicrosoft Office 2019 for Mac \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft Office 2019 for 32-bit editions \nOffice 365 ProPlus for 32-bit Systems \nMicrosoft Office 2019 for 64-bit editions \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nNone Available \nWindows Server, version 1709 (Server Core Installation) \nWindows Server 2016 (Server Core installation) \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2019 (Server Core installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1143](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1143>) \n[CVE-2019-0720](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0720>) \n[CVE-2019-1179](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1179>) \n[CVE-2019-1175](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1175>) \n[CVE-2019-1190](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1190>) \n[CVE-2019-0715](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0715>) \n[CVE-2019-1174](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1174>) \n[CVE-2019-1227](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1227>) \n[CVE-2019-0716](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0716>) \n[CVE-2019-1176](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1176>) \n[CVE-2019-1144](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1144>) \n[CVE-2019-9506](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9506>) \n[CVE-2019-9513](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9513>) \n[CVE-2019-1226](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1226>) \n[CVE-2019-1177](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1177>) \n[CVE-2019-1186](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1186>) \n[CVE-2019-9511](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9511>) \n[CVE-2019-1153](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1153>) \n[CVE-2019-1147](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1147>) \n[CVE-2019-1078](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1078>) \n[CVE-2019-1171](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1171>) \n[CVE-2019-0714](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0714>) \n[CVE-2019-1145](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1145>) \n[CVE-2019-9514](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9514>) \n[CVE-2019-1187](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1187>) \n[CVE-2019-1151](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1151>) \n[CVE-2019-9512](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9512>) \n[CVE-2019-1146](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1146>) \n[CVE-2019-1148](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1148>) \n[CVE-2019-1178](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1178>) \n[CVE-2019-1180](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1180>) \n[CVE-2019-1181](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1181>) \n[CVE-2019-1157](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1157>) \n[CVE-2019-1163](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1163>) \n[CVE-2019-0718](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0718>) \n[CVE-2019-1172](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1172>) \n[CVE-2019-1155](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1155>) \n[CVE-2019-0723](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0723>) \n[CVE-2019-1185](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1185>) \n[CVE-2019-1149](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1149>) \n[CVE-2019-1206](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1206>) \n[CVE-2019-1159](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1159>) \n[CVE-2019-1188](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1188>) \n[CVE-2019-1173](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1173>) \n[CVE-2019-1162](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1162>) \n[CVE-2019-1150](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1150>) \n[CVE-2019-1164](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1164>) \n[CVE-2019-9518](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-9518>) \n[CVE-2019-1222](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1222>) \n[CVE-2019-1223](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1223>) \n[CVE-2019-1152](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1152>) \n[CVE-2019-1198](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1198>) \n[CVE-2019-1158](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1158>) \n[CVE-2019-1156](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1156>) \n[CVE-2019-1225](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1225>) \n[CVE-2019-1182](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1182>) \n[CVE-2019-1057](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1057>) \n[CVE-2019-1224](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1224>) \n[CVE-2019-0736](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0736>) \n[CVE-2019-1168](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1168>) \n[CVE-2019-0965](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0965>) \n[CVE-2019-0717](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0717>) \n[CVE-2019-1184](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1184>) \n[CVE-2019-1183](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1183>) \n[CVE-2019-1212](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1212>) \n[CVE-2019-1170](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1170>) \n[ADV190023](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV190023>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2019-1143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1143>)0.0Unknown \n[CVE-2019-0720](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0720>)0.0Unknown \n[CVE-2019-1179](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1179>)0.0Unknown \n[CVE-2019-1175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1175>)0.0Unknown \n[CVE-2019-1190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1190>)0.0Unknown \n[CVE-2019-0715](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0715>)0.0Unknown \n[CVE-2019-1174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1174>)0.0Unknown \n[CVE-2019-1227](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1227>)0.0Unknown \n[CVE-2019-0716](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0716>)0.0Unknown \n[CVE-2019-1176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1176>)0.0Unknown \n[CVE-2019-1144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1144>)0.0Unknown \n[CVE-2019-9506](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9506>)0.0Unknown \n[CVE-2019-9513](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>)0.0Unknown \n[CVE-2019-1226](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1226>)0.0Unknown \n[CVE-2019-1177](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1177>)0.0Unknown \n[CVE-2019-1186](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1186>)0.0Unknown \n[CVE-2019-9511](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511>)0.0Unknown \n[CVE-2019-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1153>)0.0Unknown \n[CVE-2019-1147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1147>)0.0Unknown \n[CVE-2019-1078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1078>)0.0Unknown \n[CVE-2019-1171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1171>)0.0Unknown \n[CVE-2019-0714](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0714>)0.0Unknown \n[CVE-2019-1145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1145>)0.0Unknown \n[CVE-2019-9514](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514>)0.0Unknown \n[CVE-2019-1170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1170>)0.0Unknown \n[CVE-2019-1187](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1187>)0.0Unknown \n[CVE-2019-1151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1151>)0.0Unknown \n[CVE-2019-9512](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512>)0.0Unknown \n[CVE-2019-1146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1146>)0.0Unknown \n[CVE-2019-1148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1148>)0.0Unknown \n[CVE-2019-1178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1178>)0.0Unknown \n[CVE-2019-1180](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1180>)0.0Unknown \n[CVE-2019-1181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1181>)0.0Unknown \n[CVE-2019-1157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1157>)0.0Unknown \n[CVE-2019-1163](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1163>)0.0Unknown \n[CVE-2019-0718](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0718>)0.0Unknown \n[CVE-2019-1172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1172>)0.0Unknown \n[CVE-2019-1155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1155>)0.0Unknown \n[CVE-2019-0723](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0723>)0.0Unknown \n[CVE-2019-1185](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1185>)0.0Unknown \n[CVE-2019-1149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1149>)0.0Unknown \n[CVE-2019-1206](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1206>)0.0Unknown \n[CVE-2019-1159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1159>)0.0Unknown \n[CVE-2019-1188](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1188>)0.0Unknown \n[CVE-2019-1173](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1173>)0.0Unknown \n[CVE-2019-1212](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1212>)0.0Unknown \n[CVE-2019-1162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1162>)0.0Unknown \n[CVE-2019-1150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1150>)0.0Unknown \n[CVE-2019-1164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1164>)0.0Unknown \n[CVE-2019-9518](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518>)0.0Unknown \n[CVE-2019-1222](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1222>)0.0Unknown \n[CVE-2019-1223](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1223>)0.0Unknown \n[CVE-2019-1152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1152>)0.0Unknown \n[CVE-2019-1198](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1198>)0.0Unknown \n[CVE-2019-1158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1158>)0.0Unknown \n[CVE-2019-1183](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1183>)0.0Unknown \n[CVE-2019-1156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1156>)0.0Unknown \n[CVE-2019-1225](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1225>)0.0Unknown \n[CVE-2019-1182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1182>)0.0Unknown \n[CVE-2019-1057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1057>)0.0Unknown \n[CVE-2019-1224](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1224>)0.0Unknown \n[CVE-2019-0736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0736>)0.0Unknown \n[CVE-2019-1168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1168>)0.0Unknown \n[CVE-2019-0965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0965>)0.0Unknown \n[CVE-2019-0717](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0717>)0.0Unknown \n[CVE-2019-1184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1184>)0.0Unknown\n\n### *KB list*:\n[4512516](<http://support.microsoft.com/kb/4512516>) \n[4511553](<http://support.microsoft.com/kb/4511553>) \n[4512501](<http://support.microsoft.com/kb/4512501>) \n[4512497](<http://support.microsoft.com/kb/4512497>) \n[4512517](<http://support.microsoft.com/kb/4512517>) \n[4512518](<http://support.microsoft.com/kb/4512518>) \n[4512488](<http://support.microsoft.com/kb/4512488>) \n[4512508](<http://support.microsoft.com/kb/4512508>) \n[4512507](<http://support.microsoft.com/kb/4512507>) \n[4512482](<http://support.microsoft.com/kb/4512482>) \n[4512489](<http://support.microsoft.com/kb/4512489>) \n[4538461](<http://support.microsoft.com/kb/4538461>) \n[4541510](<http://support.microsoft.com/kb/4541510>) \n[4541509](<http://support.microsoft.com/kb/4541509>) \n[4540673](<http://support.microsoft.com/kb/4540673>) \n[4540670](<http://support.microsoft.com/kb/4540670>) \n[4540694](<http://support.microsoft.com/kb/4540694>) \n[4541505](<http://support.microsoft.com/kb/4541505>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-06-18T00:00:00", "published": "2019-08-13T00:00:00", "id": "KLA11534", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11534", "title": "\r KLA11534Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-08-20T14:20:20", "bulletinFamily": "blog", "cvelist": ["CVE-2019-0712", "CVE-2019-0714", "CVE-2019-0715", "CVE-2019-0716", "CVE-2019-0717", "CVE-2019-0718", "CVE-2019-0719", "CVE-2019-0720", "CVE-2019-0723", "CVE-2019-0736", "CVE-2019-0965", "CVE-2019-1030", "CVE-2019-1057", "CVE-2019-1078", "CVE-2019-1131", "CVE-2019-1133", "CVE-2019-1139", "CVE-2019-1140", "CVE-2019-1141", "CVE-2019-1143", "CVE-2019-1144", "CVE-2019-1145", "CVE-2019-1146", "CVE-2019-1147", "CVE-2019-1148", "CVE-2019-1149", "CVE-2019-1150", "CVE-2019-1151", "CVE-2019-1152", "CVE-2019-1153", "CVE-2019-1154", "CVE-2019-1155", "CVE-2019-1156", "CVE-2019-1157", "CVE-2019-1158", "CVE-2019-1159", "CVE-2019-1160", "CVE-2019-1161", "CVE-2019-1162", "CVE-2019-1163", "CVE-2019-1164", "CVE-2019-1168", "CVE-2019-1169", "CVE-2019-1170", "CVE-2019-1171", "CVE-2019-1172", "CVE-2019-1173", "CVE-2019-1174", "CVE-2019-1175", "CVE-2019-1176", "CVE-2019-1177", "CVE-2019-1178", "CVE-2019-1179", "CVE-2019-1180", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1183", "CVE-2019-1184", "CVE-2019-1185", "CVE-2019-1186", "CVE-2019-1187", "CVE-2019-1188", "CVE-2019-1190", "CVE-2019-1192", "CVE-2019-1193", "CVE-2019-1194", "CVE-2019-1195", "CVE-2019-1196", "CVE-2019-1197", "CVE-2019-1198", "CVE-2019-1199", "CVE-2019-1200", "CVE-2019-1201", "CVE-2019-1202", "CVE-2019-1203", "CVE-2019-1204", "CVE-2019-1205", "CVE-2019-1206", "CVE-2019-1211", "CVE-2019-1212", "CVE-2019-1213", "CVE-2019-1218", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1227", "CVE-2019-1228", "CVE-2019-1229", "CVE-2019-9506", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9518"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated \u201ccritical,\" 65 that are considered \"important\" and one \"moderate.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories [here](<https://snort.org/advisories>), covering all of the new rules we have for this release. \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below. \n \n[CVE-2019-1181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181>) and [CVE-2019-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182>) are both remote code execution vulnerabilities in Remote Desktop Protocol. The vulnerabilities arise when an attacker connects to the target system using RDP and sends certain specially crafted requests. These bugs require no user interaction and do not require any authentication on the part of the attacker. An attacker could gain the ability to execute arbitrary code by exploiting these vulnerabilities. RDP has gained notoriety recently for being a part of the infamous BlueKeep vulnerability, a wormable bug in Microsoft that has yet to be exploited in the wild. \n \n[CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>) is a remote code execution vulnerability in Microsoft Outlook that occurs when the software fails to properly handle objects in memory. An attacker could use a specially crafted file to exploit this bug and be able to perform actions at the same security level as the current user. A user can exploit this vulnerability by tricking the user into opening a specially crafted file with a vulnerable version of Microsoft Outlook. However, this attack vector only works if the user opens the email itself \u2014 it does not work in preview mode. \n \nThe other critical vulnerabilities are: \n \n\n\n * [CVE-2019-0719](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0719>)\n * [CVE-2019-0720](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0720>)\n * [CVE-2019-0736](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0736>)\n * [CVE-2019-0965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0965>)\n * [CVE-2019-1131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1131>)\n * [CVE-2019-1133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1133>)\n * [CVE-2019-1139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1139>)\n * [CVE-2019-1140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1140>)\n * [CVE-2019-1141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1141>)\n * [CVE-2019-1144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1144>)\n * [CVE-2019-1145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1145>)\n * [CVE-2019-1149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1149>)\n * [CVE-2019-1150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1150>)\n * [CVE-2019-1151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1151>)\n * [CVE-2019-1152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1152>)\n * [CVE-2019-1181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181>)\n * [CVE-2019-1182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182>)\n * [CVE-2019-1183](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1183>)\n * [CVE-2019-1188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188>)\n * [CVE-2019-1194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1194>)\n * [CVE-2019-1195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1195>)\n * [CVE-2019-1196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1196>)\n * [CVE-2019-1197](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1197>)\n * [CVE-2019-1199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199>)\n * [CVE-2019-1200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200>)\n * [CVE-2019-1201](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201>)\n * [CVE-2019-1204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204>)\n * [CVE-2019-1205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1205>)\n * [CVE-2019-1213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213>)\n * [CVE-2019-1222](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222>)\n * [CVE-2019-1226](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226>)\n\n### Important vulnerabilities\n\nThis release also contains 65 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-9506](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9506>) is a vulnerability in Bluetooth that could allow an attacker to change the size of a device's encryption key. While it is not directly a Microsoft vulnerability, the company has released a fix for it. An attacker could use a special device to change the encryption key size of a Bluetooth-enabled device to become as small as one. This method only works if the attacker is within an appropriate range fo the targeted device. Microsoft released a software update that enforces a 7-octet minimum key length by default to ensure that a smaller encryption key does not allow an attacker to bypass encryption. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-0714](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0714>)\n * [CVE-2019-0715](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0715>)\n * [CVE-2019-0716](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0716>)\n * [CVE-2019-0717](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0717>)\n * [CVE-2019-0718](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0718>)\n * [CVE-2019-0723](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0723>)\n * [CVE-2019-1030](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1030>)\n * [CVE-2019-1057](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1057>)\n * [CVE-2019-1078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1078>)\n * [CVE-2019-1143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1143>)\n * [CVE-2019-1146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1146>)\n * [CVE-2019-1147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1147>)\n * [CVE-2019-1148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148>)\n * [CVE-2019-1153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1153>)\n * [CVE-2019-1154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1154>)\n * [CVE-2019-1155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1155>)\n * [CVE-2019-1156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1156>)\n * [CVE-2019-1157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1157>)\n * [CVE-2019-1158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1158>)\n * [CVE-2019-1159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1159>)\n * [CVE-2019-1160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1160>)\n * [CVE-2019-1161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161>)\n * [CVE-2019-1162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162>)\n * [CVE-2019-1163](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1163>)\n * [CVE-2019-1164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1164>)\n * [CVE-2019-1168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1168>)\n * [CVE-2019-1169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1169>)\n * [CVE-2019-1170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170>)\n * [CVE-2019-1171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1171>)\n * [CVE-2019-1172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1172>)\n * [CVE-2019-1173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173>)\n * [CVE-2019-1174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174>)\n * [CVE-2019-1175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1175>)\n * [CVE-2019-1176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1176>)\n * [CVE-2019-1177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1177>)\n * [CVE-2019-1178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1178>)\n * [CVE-2019-1179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179>)\n * [CVE-2019-1180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1180>)\n * [CVE-2019-1184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1184>)\n * [CVE-2019-1185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1185>)\n * [CVE-2019-1186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186>)\n * [CVE-2019-1187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1187>)\n * [CVE-2019-1190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1190>)\n * [CVE-2019-1192](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1192>)\n * [CVE-2019-1193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1193>)\n * [CVE-2019-1198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1198>)\n * [CVE-2019-1202](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202>)\n * [CVE-2019-1203](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1203>)\n * [CVE-2019-1206](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1206>)\n * [CVE-2019-1211](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1211>)\n * [CVE-2019-1212](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1212>)\n * [CVE-2019-1218](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218>)\n * [CVE-2019-1223](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1223>)\n * [CVE-2019-1224](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224>)\n * [CVE-2019-1225](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225>)\n * [CVE-2019-1227](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1227>)\n * [CVE-2019-1228](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1228>)\n * [CVE-2019-1229](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229>)\n * [CVE-2019-9511](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9511>)\n * [CVE-2019-9512](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9512>)\n * [CVE-2019-9513](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9514>)\n * [CVE-2019-9514](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9514>)\n * [CVE-2019-9518](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9518>)\n\n### Moderate vulnerability\n\nThere is one moderate vulnerability, [CVE-2019-1185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1185>), an elevation of privilege vulnerability in Windows Subsystem for Linux. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a [new SNORT\u24c7 rule](<https://snort.org/advisories/talos-rules-2019-08-13>) set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 35190, 35191, 40851, 40852, 45142, 45143, 50936 - 50939, 50969 - 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 - 51006\n\n", "modified": "2019-08-14T09:55:35", "published": "2019-08-14T09:55:35", "id": "TALOSBLOG:F543D5FEAB2BB1C90B9699F8AE8757F4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/ztSCwF-b7VI/microsoft-patch-tuesday-aug-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Aug. 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
