Microsoft Windows Update Client CVE-2019-1337 Information Disclosure Vulnerability

Description

Microsoft Windows Update Client is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.

Technologies Affected

• Microsoft Windows 10 Version 1809 for 32-bit Systems
• Microsoft Windows 10 Version 1809 for ARM64-based Systems
• Microsoft Windows 10 Version 1809 for x64-based Systems
• Microsoft Windows 10 Version 1903 for 32-bit Systems
• Microsoft Windows 10 Version 1903 for ARM64-based Systems
• Microsoft Windows 10 Version 1903 for x64-based Systems
• Microsoft Windows Server 1903
• Microsoft Windows Server 2019

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Restrict local access to trusted and accountable individuals only.

Run all software as a nonprivileged user with minimal access rights.
Running server processes within a restricted environment using facilities such as chroot or jail may limit the consequences of successful exploits.

Updates are available. Please see the references or vendor advisory for more information.