Microsoft Windows DirectWrite CVE-2019-1251 Information Disclosure Vulnerability

2019-09-1000:00:00

Symantec Security Response

www.symantec.com

JSON

Description

Microsoft Windows is prone to an information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks.

Technologies Affected

Microsoft Windows 10 Version 1709 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for 32-bit Systems
Microsoft Windows 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1803 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 10 Version 1903 for 32-bit Systems
Microsoft Windows 10 Version 1903 for ARM64-based Systems
Microsoft Windows 10 Version 1903 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 10 version 1709 for 32-bit Systems
Microsoft Windows 10 version 1709 for x64-based Systems
Microsoft Windows Server 1803
Microsoft Windows Server 2019

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful ex

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
microsoft windowseq10 version 1703 for 32-bit Systems
microsoft windowseq10 Version 1803 for ARM64-based Systems
microsoft windows servereq2019
microsoft windowseq10 version 1709 for 32-bit Systems
microsoft windowseq10 Version 1903 for ARM64-based Systems
microsoft windowseq10 Version 1903 for x64-based Systems
microsoft windowseq10 Version 1809 for 32-bit Systems
microsoft windowseq10 version 1703 for x64-based Systems
microsoft windows servereq1803
microsoft windowseq10 Version 1709 for ARM64-based Systems

Name	Operator	Version
microsoft windows	eq	10 version 1703 for 32-bit Systems
microsoft windows	eq	10 Version 1803 for ARM64-based Systems
microsoft windows server	eq	2019
microsoft windows	eq	10 version 1709 for 32-bit Systems
microsoft windows	eq	10 Version 1903 for ARM64-based Systems
microsoft windows	eq	10 Version 1903 for x64-based Systems
microsoft windows	eq	10 Version 1809 for 32-bit Systems
microsoft windows	eq	10 version 1703 for x64-based Systems
microsoft windows server	eq	1803
microsoft windows	eq	10 Version 1709 for ARM64-based Systems

Rows per page:

1-10 of 161

JSON

Related for SMNTC-109956