### Description
Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
### Technologies Affected
* Microsoft Windows 10 Version 1607 for 32-bit Systems
* Microsoft Windows 10 Version 1607 for x64-based Systems
* Microsoft Windows 10 Version 1709 for ARM64-based Systems
* Microsoft Windows 10 Version 1803 for 32-bit Systems
* Microsoft Windows 10 Version 1803 for ARM64-based Systems
* Microsoft Windows 10 Version 1803 for x64-based Systems
* Microsoft Windows 10 Version 1809 for 32-bit Systems
* Microsoft Windows 10 Version 1809 for ARM64-based Systems
* Microsoft Windows 10 Version 1809 for x64-based Systems
* Microsoft Windows 10 Version 1903 for 32-bit Systems
* Microsoft Windows 10 Version 1903 for ARM64-based Systems
* Microsoft Windows 10 Version 1903 for x64-based Systems
* Microsoft Windows 10 for 32-bit Systems
* Microsoft Windows 10 for x64-based Systems
* Microsoft Windows 10 version 1709 for 32-bit Systems
* Microsoft Windows 10 version 1709 for x64-based Systems
* Microsoft Windows 7 for 32-bit Systems SP1
* Microsoft Windows 7 for x64-based Systems SP1
* Microsoft Windows 8.1 for 32-bit Systems
* Microsoft Windows 8.1 for x64-based Systems
* Microsoft Windows RT 8.1
* Microsoft Windows Server 1803
* Microsoft Windows Server 1903
* Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
* Microsoft Windows Server 2008 R2 for x64-based Systems SP1
* Microsoft Windows Server 2008 for 32-bit Systems SP2
* Microsoft Windows Server 2008 for Itanium-based Systems SP2
* Microsoft Windows Server 2008 for x64-based Systems SP2
* Microsoft Windows Server 2012
* Microsoft Windows Server 2012 R2
* Microsoft Windows Server 2016
* Microsoft Windows Server 2019
### Recommendations
**Block external access at the network boundary, unless external parties require service.**
Filter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
**Deploy network intrusion detection systems to monitor network traffic for malicious activity.**
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
**Do not accept or execute files from untrusted or unknown sources.**
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
**Do not follow links provided by unknown or untrusted sources.**
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-110772", "vendorId": null, "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows GDI CVE-2019-1439 Information Disclosure Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 
2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources. \n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "published": "2019-11-12T00:00:00", "modified": "2019-11-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110772", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2019-1439"], "immutableFields": [], "lastseen": "2021-06-08T19:06:01", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-2667"]}, {"type": "cve", "idList": ["CVE-2019-1439"]}, {"type": "kaspersky", "idList": ["KLA11608", "KLA11871"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1439"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525232.NASL", "SMB_NT_MS19_NOV_4525234.NASL", "SMB_NT_MS19_NOV_4525235.NASL", "SMB_NT_MS19_NOV_4525236.NASL", "SMB_NT_MS19_NOV_4525237.NASL", "SMB_NT_MS19_NOV_4525241.NASL", "SMB_NT_MS19_NOV_4525243.NASL", "SMB_NT_MS19_NOV_4525246.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815720", "OPENVAS:1361412562310815722", "OPENVAS:1361412562310815834", "OPENVAS:1361412562310815835", "OPENVAS:1361412562310815836", "OPENVAS:1361412562310815837", "OPENVAS:1361412562310815839"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"]}]}, "score": {"value": -0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-1439"]}, {"type": "kaspersky", "idList": ["KLA11608", "KLA11871"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1439"]}, {"type": "nessus", "idList": ["BLUECOAT_PROXY_AV_VERSION.NASL", "SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525232.NASL", "SMB_NT_MS19_NOV_4525234.NASL", "SMB_NT_MS19_NOV_4525235.NASL", "SMB_NT_MS19_NOV_4525236.NASL", "SMB_NT_MS19_NOV_4525237.NASL", "SMB_NT_MS19_NOV_4525241.NASL", 
"SMB_NT_MS19_NOV_4525243.NASL", "SMB_NT_MS19_NOV_4525246.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815720", "OPENVAS:1361412562310815722", "OPENVAS:1361412562310815834", "OPENVAS:1361412562310815835", "OPENVAS:1361412562310815836", "OPENVAS:1361412562310815837", "OPENVAS:1361412562310815839"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-1439", "epss": "0.435150000", "percentile": "0.967380000", "modified": "2023-03-15"}], "vulnersScore": -0.5}, "_state": {"dependencies": 1678909994, "score": 1678917189, "affected_software_major_version": 0, "epss": 1678939848}, "_internal": {"score_hash": "1ac63e660ef2484773814ab1e1e98a07"}, "affectedSoftware": [{"name": "microsoft windows server", "operator": "eq", "version": "2012"}, {"name": "microsoft windows server", "operator": "eq", "version": "1903"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1803 for ARM64-based Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "2019"}, {"name": "microsoft windows", "operator": "eq", "version": "8.1 for 32-bit Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 version 1709 for 32-bit Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1903 for ARM64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1903 for x64-based Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "2008 for Itanium-based Systems SP2"}, {"name": "microsoft windows rt", "operator": "eq", "version": "8.1"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1809 for 32-bit Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "1803"}, {"name": "microsoft windows", "operator": "eq", "version": "10 for 32-bit Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1709 for 
ARM64-based Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "2008 R2 for Itanium-based Systems SP1"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1809 for x64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 for x64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 version 1709 for x64-based Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "2008 for x64-based Systems SP2"}, {"name": "microsoft windows", "operator": "eq", "version": "7 for x64-based Systems SP1"}, {"name": "microsoft windows server", "operator": "eq", "version": "2012 R2"}, {"name": "microsoft windows server", "operator": "eq", "version": "2008 for 32-bit Systems SP2"}, {"name": "microsoft windows", "operator": "eq", "version": "8.1 for x64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1607 for x64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1903 for 32-bit Systems"}, {"name": "microsoft windows server", "operator": "eq", "version": "2008 R2 for x64-based Systems SP1"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1803 for x64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1809 for ARM64-based Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1607 for 32-bit Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "10 Version 1803 for 32-bit Systems"}, {"name": "microsoft windows", "operator": "eq", "version": "7 for 32-bit Systems SP1"}, {"name": "microsoft windows server", "operator": "eq", "version": "2016"}]}
{"mscve": [{"lastseen": "2023-03-17T02:35:20", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-11-12T08:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1439"], "modified": "2019-11-13T08:00:00", "id": "MS:CVE-2019-1439", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1439", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-02-09T14:34:05", 
"description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-11-12T19:15:00", "type": "cve", "title": "CVE-2019-1439", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1439"], "modified": "2019-11-13T17:44:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-1439", 
"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1439", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-10-13T22:33:55", "description": "A heap-based buffer overflow vulnerability exists in the MF3216 component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. 
A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted file and take actions.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-18T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Graphics Device Interface Buffer Overflow (CVE-2019-1439)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1439"], "modified": "2022-09-18T00:00:00", "id": "CPAI-2019-2667", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-03-03T15:04:26", "description": "The remote Windows host is missing security update 4525239 or cumulative update 4525234. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719) \n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. 
(CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. 
(CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1441)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
(CVE-2019-1391)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525239: Windows Server 2008 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1424", "CVE-2019-1429", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1439", "CVE-2019-1441", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_NOV_4525234.NASL", "href": "https://www.tenable.com/plugins/nessus/130904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin 
were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130904);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1412\",\n \"CVE-2019-1415\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1424\",\n \"CVE-2019-1429\",\n \"CVE-2019-1432\",\n \"CVE-2019-1433\",\n \"CVE-2019-1434\",\n \"CVE-2019-1435\",\n \"CVE-2019-1439\",\n \"CVE-2019-1441\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525234\");\n script_xref(name:\"MSKB\", value:\"4525239\");\n script_xref(name:\"MSFT\", value:\"MS19-4525234\");\n script_xref(name:\"MSFT\", value:\"MS19-4525239\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525239: Windows Server 2008 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525239\nor cumulative update 4525234. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails\n to properly validate input from an authenticated user\n on a guest operating system. (CVE-2019-0719) \n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. 
(CVE-2019-1388)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in\n Windows Adobe Type Manager Font Driver (ATMFD.dll) when\n it fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. 
(CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1441)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. 
(CVE-2019-1391)\");\n # https://support.microsoft.com/en-us/help/4525234/windows-server-2008-update-kb4525234\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f741cc55\");\n # https://support.microsoft.com/en-us/help/4525239/windows-server-2008-update-kb4525239\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be8de061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4525239 or Cumulative Update KB4525234.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1441\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft 
Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525234', '4525239');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525234, 4525239])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:38", "description": "The remote Windows host is missing security update 4525233 or cumulative update 4525235. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. 
(CVE-2019-0719)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. 
(CVE-2019-1388)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
(CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1441)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2019-1422)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1382", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1429", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1441", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_NOV_4525235.NASL", "href": "https://www.tenable.com/plugins/nessus/130905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable 
Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130905);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1382\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1412\",\n \"CVE-2019-1415\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1429\",\n \"CVE-2019-1432\",\n \"CVE-2019-1433\",\n \"CVE-2019-1434\",\n \"CVE-2019-1435\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1441\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525235\");\n script_xref(name:\"MSKB\", value:\"4525233\");\n script_xref(name:\"MSFT\", value:\"MS19-4525235\");\n script_xref(name:\"MSFT\", value:\"MS19-4525233\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525233\nor cumulative update 4525235. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails\n to properly validate input from an authenticated user\n on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. 
(CVE-2019-1382)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. 
(CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2019-1390)\n\n - An information disclosure vulnerability exists in\n Windows Adobe Type Manager Font Driver (ATMFD.dll) when\n it fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. 
An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-1441)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. 
An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\");\n # https://support.microsoft.com/en-us/help/4525235/windows-7-update-kb4525235\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8b9842b\");\n # https://support.microsoft.com/en-us/help/4525233/windows-7-update-kb4525233\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d32296c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4525233 or Cumulative Update KB4525235.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1441\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525235', '4525233');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525235, 4525233])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:05:16", "description": "The remote Windows host is missing security update 4525253 or cumulative update 4525246. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2019-1422)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525253: Windows Server 2012 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1429", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_NOV_4525246.NASL", "href": "https://www.tenable.com/plugins/nessus/130910", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130910);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1392\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1412\",\n \"CVE-2019-1415\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1429\",\n \"CVE-2019-1432\",\n \"CVE-2019-1433\",\n \"CVE-2019-1434\",\n \"CVE-2019-1435\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525253\");\n script_xref(name:\"MSKB\", value:\"4525246\");\n script_xref(name:\"MSFT\", value:\"MS19-4525253\");\n script_xref(name:\"MSFT\", value:\"MS19-4525246\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525253: Windows Server 2012 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 
4525253\nor cumulative update 4525246. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when \n Windows Hyper-V Network Switch on a host server fails\n to properly validate input from an authenticated user\n on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in\n Windows Adobe Type Manager Font Driver (ATMFD.dll) when\n it fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2019-1422)\");\n # https://support.microsoft.com/en-us/help/4525253/windows-server-2012-update-kb4525253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34c18afd\");\n # https://support.microsoft.com/en-us/help/4525246/windows-server-2012-update-kb4525246\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad214b5b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4525253 or Cumulative Update KB4525246.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft 
Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525253', '4525246');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525253, 4525246])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:38", "description": "The remote Windows host is missing security update 4525250 or cumulative update 4525243. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. 
(CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. 
(CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2019-1422)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525250: Windows 8.1 and Windows Server 2012 R2 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1429", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_NOV_4525243.NASL", "href": "https://www.tenable.com/plugins/nessus/130909", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130909);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1392\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1412\",\n \"CVE-2019-1415\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1429\",\n \"CVE-2019-1432\",\n \"CVE-2019-1433\",\n \"CVE-2019-1434\",\n \"CVE-2019-1435\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525243\");\n script_xref(name:\"MSKB\", value:\"4525250\");\n script_xref(name:\"MSFT\", value:\"MS19-4525243\");\n script_xref(name:\"MSFT\", value:\"MS19-4525250\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525250: Windows 8.1 and Windows Server 2012 R2 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 
host is missing security update 4525250\nor cumulative update 4525243. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails\n to properly validate input from an authenticated user\n on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411, CVE-2019-1432)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1434)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists in\n Windows Adobe Type Manager Font Driver (ATMFD.dll) when\n it fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2019-1412)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. 
(CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2019-1422)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4525243/windows-8-1-kb4525243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4525250/windows-8-1-kb4525250\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4525250 or Cumulative Update KB4525243.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525243', '4525250');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525243, 4525250])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:05:16", "description": "The remote Windows host is missing security update 4525236. 
It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1374)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. 
This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. 
(CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. 
(CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-1436)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. 
An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525236: Windows 10 Version 1607 and Windows Server 2016 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1374", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1433", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525236.NASL", "href": "https://www.tenable.com/plugins/nessus/130906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130906);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525236\");\n script_xref(name:\"MSFT\", value:\"MS19-4525236\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525236: Windows 10 Version 1607 and Windows Server 2016 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525236. 
\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when \n Windows Hyper-V Network Switch on a host server fails\n to properly validate input from an authenticated user\n on a guest operating system. (CVE-2019-0719)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. 
This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. 
(CVE-2019-1454)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. 
(CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. 
An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. 
(CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2019-1422)\");\n # https://support.microsoft.com/en-us/help/4525236/windows-10-update-kb4525236\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c647fbe4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525236.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525236');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525236])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:05:03", "description": "The remote Windows host is missing security update 4525232. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-1389, CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. 
An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2019-1434)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. 
(CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525232: Windows 10 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", 
"CVE-2019-11135", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525232.NASL", "href": "https://www.tenable.com/plugins/nessus/130903", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130903);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1392\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1434\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525232\");\n script_xref(name:\"MSFT\", value:\"MS19-4525232\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n\n script_name(english:\"KB4525232: Windows 10 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525232. 
\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-0719, CVE-2019-1389,\n CVE-2019-1397)\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. 
(CVE-2019-1380)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1434)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. 
An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. 
The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. 
An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-1392)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. 
(CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. 
(CVE-2019-1422)\");\n # https://support.microsoft.com/en-us/help/4525232/windows-10-update-kb4525232\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa907170\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525232.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525232');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525232])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:38", "description": "The remote Windows host is missing security update 4524570. It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. 
(CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls. (CVE-2019-1380)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2019-1436, CVE-2019-1440)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2019-1430)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. 
(CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1423)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. 
(CVE-2019-1385)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-11135", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1374", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1430", "CVE-2019-1433", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", 
"CVE-2019-1440", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4524570.NASL", "href": "https://www.tenable.com/plugins/nessus/130902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130902);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1423\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1430\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1437\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4524570\");\n script_xref(name:\"MSFT\", value:\"MS19-4524570\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4524570. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. 
This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A remote code execution vulnerability exists when\n Windows Media Foundation improperly parses specially\n crafted QuickTime media files. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. Users whose accounts\n are configured to have fewer user rights on the system\n could be less impacted than users who operate with\n administrative user rights. (CVE-2019-1430)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. 
An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. 
(CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the StartTileData.dll handles file creation in\n protected locations. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1423)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. 
(CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. 
An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4524570/windows-10-update-kb4524570\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?864f0755\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4524570.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1430\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4524570');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4524570])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4524570])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:38", "description": "The remote Windows host is missing security update 4525237.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. 
An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. 
(CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397, CVE-2019-1398)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. 
An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. 
An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. 
(CVE-2019-1385)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525237: Windows 10 Version 1803 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-11135", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1374", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1433", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1454", 
"CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525237.NASL", "href": "https://www.tenable.com/plugins/nessus/130907", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130907);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525237\");\n script_xref(name:\"MSFT\", value:\"MS19-4525237\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", 
value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4525237: Windows 10 Version 1803 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525237.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. 
This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. 
An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. 
An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. 
An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4525237/windows-10-update-kb4525237\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2194d569\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525237.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525237');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525237])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:26", "description": "The remote Windows host is missing security update 4523205.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. 
(CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. 
The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1379, CVE-2019-1383, CVE-2019-1417)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. 
(CVE-2019-1385)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-11135", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1433", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", 
"CVE-2019-1440", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4523205.NASL", "href": "https://www.tenable.com/plugins/nessus/130901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130901);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1379\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1437\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4523205\");\n script_xref(name:\"MSFT\", value:\"MS19-4523205\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4523205.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. 
This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. 
An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1379, CVE-2019-1383,\n CVE-2019-1417)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. 
For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. 
(CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4523205/windows-10-update-kb4523205\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fabe75f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4523205.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4523205');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4523205])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T15:04:38", "description": "The remote Windows host is missing security update 4525241.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. 
(CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. 
(CVE-2019-0712, CVE-2019-1309)\n\n - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. 
(CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2019-1405)\n\n - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. 
(CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. 
(CVE-2019-1385)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "nessus", "title": "KB4525241: Windows 10 Version 1709 November 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-11135", "CVE-2019-1309", "CVE-2019-1324", "CVE-2019-1374", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1433", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1454", "CVE-2019-1456"], 
"modified": "2023-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525241.NASL", "href": "https://www.tenable.com/plugins/nessus/130908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130908);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/02\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525241\");\n script_xref(name:\"MSFT\", value:\"MS19-4525241\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/05\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4525241: Windows 10 Version 1709 November 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525241.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. 
This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. 
An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. 
(CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. 
An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. 
(CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4525241/windows-10-update-kb4525241\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df32672c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525241.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-1384\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525241');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525241])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:40:44", "description": "This host is missing a critical security\n update according to Microsoft KB4525235", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": 
"openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1434", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1441", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1419", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1432", "CVE-2019-1418", "CVE-2019-1412", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815839", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815839", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815839\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-11135\",\n \"CVE-2019-1382\", \"CVE-2019-1384\", \"CVE-2019-1388\", \"CVE-2019-1389\",\n \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\", \"CVE-2019-1394\",\n \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1399\",\n \"CVE-2019-1405\", \"CVE-2019-1406\", \"CVE-2019-1407\", \"CVE-2019-1408\",\n \"CVE-2019-1409\", \"CVE-2019-1411\", \"CVE-2019-1412\", \"CVE-2019-1415\",\n \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1422\", \"CVE-2019-1424\",\n \"CVE-2019-1429\", \"CVE-2019-1432\", \"CVE-2019-1433\", \"CVE-2019-1434\",\n \"CVE-2019-1435\", \"CVE-2019-1438\", \"CVE-2019-1439\", \"CVE-2019-1441\",\n \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:00:35 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525235)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525235\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows improperly handles objects in memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on 
a guest operating system.\n\n - Windows kernel improperly handles objects in memory.\n\n - ActiveX Installer service may allow access to files without proper authentication.\n\n - Windows Certificate Dialog does not properly enforce user privileges.\n\n - VBScript engine improperly handles objects in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on a victim system, cause a target system to stop\n responding, obtain information to further compromise the user's system\n and gain elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525235\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Advapi32.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, 
test_version:\"6.1.7601.24535\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Advapi32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24535\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:40", "description": "This host is missing a critical security\n update according to Microsoft KB4525243", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525243)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1434", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1419", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1392", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1432", "CVE-2019-1418", "CVE-2019-1412", "CVE-2019-1380", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815722", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815722\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-11135\",\n \"CVE-2019-1380\", \"CVE-2019-1381\", \"CVE-2019-1382\", \"CVE-2019-1384\",\n \"CVE-2019-1388\", \"CVE-2019-1389\", \"CVE-2019-1390\", \"CVE-2019-1391\",\n \"CVE-2019-1392\", \"CVE-2019-1393\", \"CVE-2019-1394\", \"CVE-2019-1395\",\n \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1399\", \"CVE-2019-1405\",\n \"CVE-2019-1406\", \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\",\n \"CVE-2019-1411\", \"CVE-2019-1412\", \"CVE-2019-1415\", \"CVE-2019-1418\",\n \"CVE-2019-1419\", \"CVE-2019-1422\", \"CVE-2019-1424\", \"CVE-2019-1429\",\n \"CVE-2019-1432\", \"CVE-2019-1433\", \"CVE-2019-1434\", \"CVE-2019-1435\",\n \"CVE-2019-1438\", \"CVE-2019-1439\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 11:19:37 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525243)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525243\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists 
due to,\n\n - Windows improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Servicing Stack allows access to unprivileged file locations.\n\n - ActiveX Installer service may allow access to files without proper authentication.\n\n - Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, elevate privileges, bypass security restrictions,\n disclose sensitive information and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64-based systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525243\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Urlmon.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_is_less(version:dllVer, test_version:\"11.0.9600.19541\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Urlmon.dll\",\n file_version:dllVer, 
vulnerable_range:\"Less than 11.0.9600.19541\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:43", "description": "This host is missing a critical security\n update according to Microsoft KB4525232", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1434", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-1420", "CVE-2019-1393", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1392", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1380", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815834", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815834", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815834\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-11135\",\n \"CVE-2019-1380\", \"CVE-2019-1381\", \"CVE-2019-1382\", \"CVE-2019-1383\",\n \"CVE-2019-1384\", \"CVE-2019-1388\", \"CVE-2019-1389\", \"CVE-2019-1390\",\n \"CVE-2019-1391\", \"CVE-2019-1392\", \"CVE-2019-1393\", \"CVE-2019-1394\",\n \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1405\",\n \"CVE-2019-1406\", \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\",\n \"CVE-2019-1411\", \"CVE-2019-1415\", \"CVE-2019-1417\", \"CVE-2019-1418\",\n \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1422\", \"CVE-2019-1424\",\n \"CVE-2019-1426\", \"CVE-2019-1429\", \"CVE-2019-1433\", \"CVE-2019-1434\",\n \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1438\", \"CVE-2019-1439\",\n \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:04:24 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525232)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525232\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Hyper-V Network 
Switch on a host server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows Installer improperly handles certain filesystem operations.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM\n object creation.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows Netlogon improperly handles a secure communications channel.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash the host server, execute code with elevated permissions, bypass security\n restrictions, and disclose sensitive information to further compromise the user's\n system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525232\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Crypt32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18394\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Crypt32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.10240.0 - 10.0.10240.18394\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:49", "description": "This host is missing a critical security\n update according to Microsoft KB4525236", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", 
"CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815836", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815836", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815836\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-11135\",\n \"CVE-2019-1374\", \"CVE-2019-1380\", \"CVE-2019-1381\", \"CVE-2019-1382\",\n \"CVE-2019-1383\", \"CVE-2019-1384\", \"CVE-2019-1388\", \"CVE-2019-1389\",\n \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\", \"CVE-2019-1394\",\n \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1399\",\n \"CVE-2019-1405\", \"CVE-2019-1406\", \"CVE-2019-1407\", \"CVE-2019-1408\",\n \"CVE-2019-1409\", \"CVE-2019-1411\", \"CVE-2019-1413\", \"CVE-2019-1415\",\n \"CVE-2019-1417\", \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1420\",\n \"CVE-2019-1422\", \"CVE-2019-1424\", \"CVE-2019-1426\", \"CVE-2019-1428\",\n \"CVE-2019-1429\", \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\",\n \"CVE-2019-1438\", \"CVE-2019-1439\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 10:06:52 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525236)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525236\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft Hyper-V Network Switch on a host 
server fails to properly\n validate input from a privileged user on a guest operating system.\n\n - Windows Installer fails to properly handle certain filesystem operations.\n\n - Windows Error Reporting (WER) improperly handles objects in memory.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM object\n creation.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Scripting engine handles objects in memory in Internet Explorer.\n\n - Windows Netlogon improperly handles a secure communications channel.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows Remote Procedure Call (RPC) runtime improperly initializes objects\n in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525236\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\Mrxsmb.sys\");\nif(!sysVer)\n exit(0);\n\nif(version_in_range(version:sysVer, test_version:\"10.0.14393.0\", test_version2:\"10.0.14393.3325\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\drivers\\Mrxsmb.sys\",\n file_version:sysVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3325\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:39", "description": "This host is missing a critical security\n update according to Microsoft KB4525241", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", 
"CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815720", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815720\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0721\", \"CVE-2019-11135\",\n \"CVE-2019-1422\", \"CVE-2019-1424\", \"CVE-2019-1426\", \"CVE-2019-1309\",\n \"CVE-2019-1324\", \"CVE-2019-1374\", \"CVE-2019-1380\", \"CVE-2019-1428\",\n \"CVE-2019-1429\", \"CVE-2019-1381\", \"CVE-2019-1382\", \"CVE-2019-1383\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1384\",\n \"CVE-2019-1385\", \"CVE-2019-1388\", \"CVE-2019-1389\", \"CVE-2019-1438\",\n \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1390\", \"CVE-2019-1391\",\n \"CVE-2019-1393\", \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1456\",\n \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1398\", \"CVE-2019-1406\",\n \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\",\n \"CVE-2019-1413\", \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\",\n \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1399\",\n \"CVE-2019-1405\", \"CVE-2019-0719\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:47:51 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525241)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525241\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the 
target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - Scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows Servicing Stack allows access to unprivileged file locations.\n\n - ActiveX Installer service allows access to files without proper authentication.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, gain access to sensitive data, elevate\n privileges and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525241\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1503\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1503\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:55", "description": "This host is missing a critical security\n update according to Microsoft KB4525237", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", 
"CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815837", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815837", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815837\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-0721\",\n \"CVE-2019-11135\", \"CVE-2019-1309\", \"CVE-2019-1310\", \"CVE-2019-1324\",\n \"CVE-2019-1374\", \"CVE-2019-1380\", \"CVE-2019-1381\", \"CVE-2019-1382\",\n \"CVE-2019-1383\", \"CVE-2019-1384\", \"CVE-2019-1385\", \"CVE-2019-1388\",\n \"CVE-2019-1389\", \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\",\n \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\",\n \"CVE-2019-1398\", \"CVE-2019-1399\", \"CVE-2019-1405\", \"CVE-2019-1406\",\n \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\",\n \"CVE-2019-1413\", \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\",\n \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1422\",\n \"CVE-2019-1424\", \"CVE-2019-1426\", \"CVE-2019-1428\", \"CVE-2019-1429\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1438\",\n \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 10:37:52 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525237)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525237\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is 
present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Windows Installer improperly handles certain filesystem operations.\n\n - Windows Error Reporting (WER) improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM object\n creation.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Scripting engine improperly handles objects in memory in Microsoft Edge\n (HTML-based).\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, elevate privileges on an affected system\n and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525237\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.1129\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.1129\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:48", "description": "This host is missing a critical security\n update according to Microsoft KB4523205", "cvss3": {}, "published": "2019-11-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4523205)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1437", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", 
"CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1379", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815835", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815835\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-0721\",\n \"CVE-2019-11135\", \"CVE-2019-1309\", \"CVE-2019-1310\", \"CVE-2019-1324\",\n \"CVE-2019-1374\", \"CVE-2019-1379\", \"CVE-2019-1380\", \"CVE-2019-1381\",\n \"CVE-2019-1382\", \"CVE-2019-1383\", \"CVE-2019-1384\", \"CVE-2019-1385\",\n \"CVE-2019-1388\", \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\",\n \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\",\n \"CVE-2019-1398\", \"CVE-2019-1399\", \"CVE-2019-1405\", \"CVE-2019-1406\",\n \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\", \"CVE-2019-1413\",\n \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\", \"CVE-2019-1418\",\n \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1422\", \"CVE-2019-1424\",\n \"CVE-2019-1426\", \"CVE-2019-1427\", \"CVE-2019-1428\", \"CVE-2019-1429\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1437\",\n \"CVE-2019-1438\", \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:08:41 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4523205)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4523205\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows DirectWrite improperly discloses the contents of its memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Windows Installer improperly handles certain filesystem operations.\n\n - Windows Error Reporting (WER) improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM object\n creation.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to disclose sensitive information, cause the host server to crash, execute code\n with elevated permissions, elevate privileges and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4523205\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Userenv.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.830\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Userenv.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.830\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-03-21T08:28:09", "description": "### *Detect date*:\n11/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2012 \nWindows 8.1 for x64-based systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 
for x64-based Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2 \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0712](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0712>) \n[CVE-2019-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1408>) \n[CVE-2019-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0719>) \n[CVE-2019-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1415>) \n[CVE-2019-1441](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1441>) \n[CVE-2019-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1405>) \n[CVE-2019-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1406>) \n[CVE-2019-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1407>) \n[CVE-2019-1429](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1429>) \n[CVE-2019-11135](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-11135>) \n[CVE-2019-1424](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1424>) \n[CVE-2019-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1422>) \n[CVE-2019-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1409>) 
\n[CVE-2018-12207](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-12207>) \n[CVE-2019-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1382>) \n[CVE-2019-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1384>) \n[CVE-2019-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1389>) \n[CVE-2019-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1388>) \n[CVE-2019-1456](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1456>) \n[CVE-2019-1454](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1454>) \n[CVE-2019-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1419>) \n[CVE-2019-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1418>) \n[CVE-2019-1439](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1439>) \n[CVE-2019-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1438>) \n[CVE-2019-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1435>) \n[CVE-2019-1434](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1434>) \n[CVE-2019-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1411>) \n[CVE-2019-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1433>) \n[CVE-2019-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1432>) \n[CVE-2019-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1399>) \n[CVE-2019-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1412>) \n[CVE-2019-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1394>) 
\n[CVE-2019-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1395>) \n[CVE-2019-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1396>) \n[CVE-2019-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1397>) \n[CVE-2019-1390](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1390>) \n[CVE-2019-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1391>) \n[CVE-2019-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1393>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-1429](<https://vulners.com/cve/CVE-2019-1429>)7.6Critical \n[CVE-2019-1390](<https://vulners.com/cve/CVE-2019-1390>)7.6Critical \n[CVE-2019-1415](<https://vulners.com/cve/CVE-2019-1415>)4.6Warning \n[CVE-2019-1411](<https://vulners.com/cve/CVE-2019-1411>)4.3Warning \n[CVE-2019-0712](<https://vulners.com/cve/CVE-2019-0712>)6.8High \n[CVE-2019-1424](<https://vulners.com/cve/CVE-2019-1424>)6.8High \n[CVE-2019-1399](<https://vulners.com/cve/CVE-2019-1399>)5.5High \n[CVE-2019-1396](<https://vulners.com/cve/CVE-2019-1396>)7.2High \n[CVE-2019-1395](<https://vulners.com/cve/CVE-2019-1395>)7.2High \n[CVE-2019-1439](<https://vulners.com/cve/CVE-2019-1439>)4.3Warning \n[CVE-2019-1454](<https://vulners.com/cve/CVE-2019-1454>)3.6Warning \n[CVE-2018-12207](<https://vulners.com/cve/CVE-2018-12207>)4.9Warning \n[CVE-2019-1406](<https://vulners.com/cve/CVE-2019-1406>)9.3Critical \n[CVE-2019-1382](<https://vulners.com/cve/CVE-2019-1382>)2.1Warning \n[CVE-2019-1391](<https://vulners.com/cve/CVE-2019-1391>)4.9Warning \n[CVE-2019-11135](<https://vulners.com/cve/CVE-2019-11135>)2.1Warning \n[CVE-2019-1394](<https://vulners.com/cve/CVE-2019-1394>)7.2High 
\n[CVE-2019-1434](<https://vulners.com/cve/CVE-2019-1434>)7.2High \n[CVE-2019-1433](<https://vulners.com/cve/CVE-2019-1433>)7.2High \n[CVE-2019-1418](<https://vulners.com/cve/CVE-2019-1418>)2.1Warning \n[CVE-2019-1432](<https://vulners.com/cve/CVE-2019-1432>)4.3Warning \n[CVE-2019-1409](<https://vulners.com/cve/CVE-2019-1409>)2.1Warning \n[CVE-2019-1389](<https://vulners.com/cve/CVE-2019-1389>)7.7Critical \n[CVE-2019-1393](<https://vulners.com/cve/CVE-2019-1393>)7.2High \n[CVE-2019-0719](<https://vulners.com/cve/CVE-2019-0719>)9.0Critical \n[CVE-2019-1384](<https://vulners.com/cve/CVE-2019-1384>)6.5High \n[CVE-2019-1441](<https://vulners.com/cve/CVE-2019-1441>)9.3Critical \n[CVE-2019-1419](<https://vulners.com/cve/CVE-2019-1419>)6.8High \n[CVE-2019-1408](<https://vulners.com/cve/CVE-2019-1408>)7.2High \n[CVE-2019-1456](<https://vulners.com/cve/CVE-2019-1456>)6.8High \n[CVE-2019-1412](<https://vulners.com/cve/CVE-2019-1412>)2.1Warning \n[CVE-2019-1397](<https://vulners.com/cve/CVE-2019-1397>)7.7Critical \n[CVE-2019-1388](<https://vulners.com/cve/CVE-2019-1388>)7.2High \n[CVE-2019-1405](<https://vulners.com/cve/CVE-2019-1405>)7.2High \n[CVE-2019-1438](<https://vulners.com/cve/CVE-2019-1438>)7.2High \n[CVE-2019-1435](<https://vulners.com/cve/CVE-2019-1435>)7.2High \n[CVE-2019-1422](<https://vulners.com/cve/CVE-2019-1422>)4.6Warning \n[CVE-2019-1407](<https://vulners.com/cve/CVE-2019-1407>)7.2High\n\n### *KB list*:\n[4516065](<http://support.microsoft.com/kb/4516065>) \n[4516033](<http://support.microsoft.com/kb/4516033>) \n[4520009](<http://support.microsoft.com/kb/4520009>) \n[4520003](<http://support.microsoft.com/kb/4520003>) \n[4520002](<http://support.microsoft.com/kb/4520002>) \n[4519976](<http://support.microsoft.com/kb/4519976>) \n[4525234](<http://support.microsoft.com/kb/4525234>) \n[4525235](<http://support.microsoft.com/kb/4525235>) \n[4525106](<http://support.microsoft.com/kb/4525106>) \n[4525239](<http://support.microsoft.com/kb/4525239>) 
\n[4525233](<http://support.microsoft.com/kb/4525233>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "kaspersky", "title": "KLA11871 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-11135", "CVE-2019-1382", "CVE-2019-1384", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1422", "CVE-2019-1424", "CVE-2019-1429", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1441", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-17T00:00:00", "id": "KLA11871", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11871/", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-21T08:31:07", "description": "### *Detect date*:\n11/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows RT 8.1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2012 (Server Core installation) 
\nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2019 (Server Core installation) \nWindows Server 2016 (Server Core installation)\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1415>) \n[CVE-2019-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1411>) \n[CVE-2019-0712](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0712>) \n[CVE-2019-1424](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1424>) \n[CVE-2019-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1399>) \n[CVE-2019-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1396>) \n[CVE-2019-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1395>) \n[CVE-2019-1439](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1439>) \n[CVE-2019-1309](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1309>) \n[CVE-2019-1324](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1324>) \n[CVE-2019-1417](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1417>) \n[CVE-2019-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1420>) 
\n[CVE-2019-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1430>) \n[CVE-2019-1454](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1454>) \n[CVE-2018-12207](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-12207>) \n[CVE-2019-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1406>) \n[CVE-2019-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1382>) \n[CVE-2019-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1391>) \n[CVE-2019-11135](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-11135>) \n[CVE-2019-1383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1383>) \n[CVE-2019-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1385>) \n[CVE-2019-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1394>) \n[CVE-2019-1434](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1434>) \n[CVE-2019-1440](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1440>) \n[CVE-2019-1310](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1310>) \n[CVE-2019-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1433>) \n[CVE-2019-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1418>) \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0721>) \n[CVE-2019-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1432>) \n[CVE-2019-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1409>) \n[CVE-2019-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1437>) 
\n[CVE-2019-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1389>) \n[CVE-2019-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1393>) \n[CVE-2019-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1381>) \n[CVE-2019-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1392>) \n[CVE-2019-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1436>) \n[CVE-2019-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0719>) \n[CVE-2019-1380](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1380>) \n[CVE-2019-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1384>) \n[CVE-2019-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1419>) \n[CVE-2019-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1408>) \n[CVE-2019-1456](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1456>) \n[CVE-2019-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1412>) \n[CVE-2019-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1397>) \n[CVE-2019-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1398>) \n[CVE-2019-1379](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1379>) \n[CVE-2019-1416](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1416>) \n[CVE-2019-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1388>) \n[CVE-2019-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1405>) \n[CVE-2019-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1374>) 
\n[CVE-2019-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1438>) \n[CVE-2019-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1435>) \n[CVE-2019-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1423>) \n[CVE-2019-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1422>) \n[CVE-2019-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1407>) \n[ADV190024](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1415](<https://vulners.com/cve/CVE-2019-1415>)4.6Warning \n[CVE-2019-1411](<https://vulners.com/cve/CVE-2019-1411>)4.3Warning \n[CVE-2019-0712](<https://vulners.com/cve/CVE-2019-0712>)6.8High \n[CVE-2019-1424](<https://vulners.com/cve/CVE-2019-1424>)6.8High \n[CVE-2019-1399](<https://vulners.com/cve/CVE-2019-1399>)5.5High \n[CVE-2019-1396](<https://vulners.com/cve/CVE-2019-1396>)7.2High \n[CVE-2019-1395](<https://vulners.com/cve/CVE-2019-1395>)7.2High \n[CVE-2019-1439](<https://vulners.com/cve/CVE-2019-1439>)4.3Warning \n[CVE-2019-1309](<https://vulners.com/cve/CVE-2019-1309>)6.8High \n[CVE-2019-1324](<https://vulners.com/cve/CVE-2019-1324>)5.0Critical \n[CVE-2019-1417](<https://vulners.com/cve/CVE-2019-1417>)4.6Warning \n[CVE-2019-1420](<https://vulners.com/cve/CVE-2019-1420>)4.6Warning \n[CVE-2019-1430](<https://vulners.com/cve/CVE-2019-1430>)9.3Critical \n[CVE-2019-1454](<https://vulners.com/cve/CVE-2019-1454>)3.6Warning \n[CVE-2018-12207](<https://vulners.com/cve/CVE-2018-12207>)4.9Warning \n[CVE-2019-1406](<https://vulners.com/cve/CVE-2019-1406>)9.3Critical \n[CVE-2019-1382](<https://vulners.com/cve/CVE-2019-1382>)2.1Warning \n[CVE-2019-1391](<https://vulners.com/cve/CVE-2019-1391>)4.9Warning 
\n[CVE-2019-11135](<https://vulners.com/cve/CVE-2019-11135>)2.1Warning \n[CVE-2019-1383](<https://vulners.com/cve/CVE-2019-1383>)4.6Warning \n[CVE-2019-1385](<https://vulners.com/cve/CVE-2019-1385>)6.1High \n[CVE-2019-1394](<https://vulners.com/cve/CVE-2019-1394>)7.2High \n[CVE-2019-1434](<https://vulners.com/cve/CVE-2019-1434>)7.2High \n[CVE-2019-1440](<https://vulners.com/cve/CVE-2019-1440>)2.1Warning \n[CVE-2019-1310](<https://vulners.com/cve/CVE-2019-1310>)6.8High \n[CVE-2019-1433](<https://vulners.com/cve/CVE-2019-1433>)7.2High \n[CVE-2019-1418](<https://vulners.com/cve/CVE-2019-1418>)2.1Warning \n[CVE-2019-0721](<https://vulners.com/cve/CVE-2019-0721>)9.0Critical \n[CVE-2019-1432](<https://vulners.com/cve/CVE-2019-1432>)4.3Warning \n[CVE-2019-1409](<https://vulners.com/cve/CVE-2019-1409>)2.1Warning \n[CVE-2019-1437](<https://vulners.com/cve/CVE-2019-1437>)7.2High \n[CVE-2019-1389](<https://vulners.com/cve/CVE-2019-1389>)7.7Critical \n[CVE-2019-1393](<https://vulners.com/cve/CVE-2019-1393>)7.2High \n[CVE-2019-1381](<https://vulners.com/cve/CVE-2019-1381>)2.1Warning \n[CVE-2019-1392](<https://vulners.com/cve/CVE-2019-1392>)7.2High \n[CVE-2019-1436](<https://vulners.com/cve/CVE-2019-1436>)2.1Warning \n[CVE-2019-0719](<https://vulners.com/cve/CVE-2019-0719>)9.0Critical \n[CVE-2019-1380](<https://vulners.com/cve/CVE-2019-1380>)4.6Warning \n[CVE-2019-1384](<https://vulners.com/cve/CVE-2019-1384>)6.5High \n[CVE-2019-1419](<https://vulners.com/cve/CVE-2019-1419>)6.8High \n[CVE-2019-1408](<https://vulners.com/cve/CVE-2019-1408>)7.2High \n[CVE-2019-1456](<https://vulners.com/cve/CVE-2019-1456>)6.8High \n[CVE-2019-1412](<https://vulners.com/cve/CVE-2019-1412>)2.1Warning \n[CVE-2019-1397](<https://vulners.com/cve/CVE-2019-1397>)7.7Critical \n[CVE-2019-1398](<https://vulners.com/cve/CVE-2019-1398>)7.7Critical \n[CVE-2019-1379](<https://vulners.com/cve/CVE-2019-1379>)4.6Warning \n[CVE-2019-1416](<https://vulners.com/cve/CVE-2019-1416>)4.4Warning 
\n[CVE-2019-1388](<https://vulners.com/cve/CVE-2019-1388>)7.2High \n[CVE-2019-1405](<https://vulners.com/cve/CVE-2019-1405>)7.2High \n[CVE-2019-1374](<https://vulners.com/cve/CVE-2019-1374>)4.3Warning \n[CVE-2019-1438](<https://vulners.com/cve/CVE-2019-1438>)7.2High \n[CVE-2019-1435](<https://vulners.com/cve/CVE-2019-1435>)7.2High \n[CVE-2019-1423](<https://vulners.com/cve/CVE-2019-1423>)4.6Warning \n[CVE-2019-1422](<https://vulners.com/cve/CVE-2019-1422>)4.6Warning \n[CVE-2019-1407](<https://vulners.com/cve/CVE-2019-1407>)7.2High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4520010](<http://support.microsoft.com/kb/4520010>) \n[4520008](<http://support.microsoft.com/kb/4520008>) \n[4520007](<http://support.microsoft.com/kb/4520007>) \n[4519998](<http://support.microsoft.com/kb/4519998>) \n[4520005](<http://support.microsoft.com/kb/4520005>) \n[4519990](<http://support.microsoft.com/kb/4519990>) \n[4519985](<http://support.microsoft.com/kb/4519985>) \n[4517389](<http://support.microsoft.com/kb/4517389>) \n[4519338](<http://support.microsoft.com/kb/4519338>) \n[4520011](<http://support.microsoft.com/kb/4520011>) \n[4520004](<http://support.microsoft.com/kb/4520004>) \n[4525246](<http://support.microsoft.com/kb/4525246>) \n[4525243](<http://support.microsoft.com/kb/4525243>) \n[4524570](<http://support.microsoft.com/kb/4524570>) \n[4525237](<http://support.microsoft.com/kb/4525237>) \n[4525232](<http://support.microsoft.com/kb/4525232>) \n[4525236](<http://support.microsoft.com/kb/4525236>) \n[4523205](<http://support.microsoft.com/kb/4523205>) \n[4525241](<http://support.microsoft.com/kb/4525241>) \n[4525250](<http://support.microsoft.com/kb/4525250>) \n[4525253](<http://support.microsoft.com/kb/4525253>)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-12T00:00:00", "type": "kaspersky", "title": "KLA11608 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0719", "CVE-2019-0721", "CVE-2019-11135", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1430", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1454", "CVE-2019-1456"], "modified": "2023-03-17T00:00:00", "id": "KLA11608", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11608/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": 
"2019-11-17T18:28:30", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The [latest Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) discloses 75 vulnerabilities, 13 of which are considered \"critical,\" with the rest being deemed \"important.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>) \u2014a [remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>) in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight [here](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>). We are also [disclosing a remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html>) in Microsoft Media Foundation. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/11/snort-rule-update-for-nov-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 13 critical vulnerabilities this month, nine of which we will highlight below. 
\n \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>), [CVE-2019-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>), [CVE-2019-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397>) and [CVE-2019-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>) are all vulnerabilities in Windows Hyper-V that could allow an attacker to remotely execute code on the victim machine. These bugs arise when Hyper-V on a host server improperly validates input from an authenticated user on a guest operating system. An attacker can exploit these vulnerabilities by running a specially crafted application on a guest OS. This could allow a malicious user to escape the hypervisor or a sandbox. \n \n[CVE-2019-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390>) is a remote code execution vulnerability in VBScript. This vulnerability could allow an attacker to corrupt memory in a way that would enable them to execute remote code in the context of the current user. A user could trigger this vulnerability by visiting an attacker-created website while using the Internet Explorer browser, or by opening an Office document or application that contains an ActiveX control marked \"safe for initialization.\" \n \n[CVE-2019-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1426>), [CVE-2019-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427>), [CVE-2019-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428>) and [CVE-2019-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429>) are memory corruption vulnerabilities in the Microsoft Scripting Engine that could lead to remote code execution. The bugs exist in the way the Microsoft Edge web browser handles objects in memory. 
A user could trigger these vulnerabilities by visiting an attacker-controlled website in Edge. \n \nThe four other critical vulnerabilities are: \n\n\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n * [CVE-2019-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419>)\n * [CVE-2019-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430>)\n * [CVE-2019-1441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441>)\n\n### Important vulnerabilities\n\nThis release also contains 62 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-1020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1020>) is a security feature bypass vulnerability in the Windows secure boot process. An attacker could run a specially crafted application to bypass secure boot and load malicious software. This security update fixes the issue by blocking vulnerable third-party bootloaders. An update also needs to be applied to Windows Defender. 
\n \nThe other important vulnerabilities are: \n\n\n * [CVE-2018-12207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-12207>)\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-11135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135>)\n * [CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)\n * [CVE-2019-1309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309>)\n * [CVE-2019-1310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310>)\n * [CVE-2019-1324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1324>)\n * [CVE-2019-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1370>)\n * [CVE-2019-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1374>)\n * [CVE-2019-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1379>)\n * [CVE-2019-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1380>)\n * [CVE-2019-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1381>)\n * [CVE-2019-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1382>)\n * [CVE-2019-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1383>)\n * [CVE-2019-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384>)\n * [CVE-2019-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385>)\n * [CVE-2019-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388>)\n * [CVE-2019-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1391>)\n * 
[CVE-2019-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392>)\n * [CVE-2019-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1393>)\n * [CVE-2019-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1394>)\n * [CVE-2019-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1395>)\n * [CVE-2019-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1396>)\n * [CVE-2019-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399>)\n * [CVE-2019-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402>)\n * [CVE-2019-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405>)\n * [CVE-2019-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1406>)\n * [CVE-2019-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1407>)\n * [CVE-2019-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1408>)\n * [CVE-2019-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1409>)\n * [CVE-2019-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411>)\n * [CVE-2019-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412>)\n * [CVE-2019-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1413>)\n * [CVE-2019-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415>)\n * [CVE-2019-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416>)\n * [CVE-2019-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1417>)\n * [CVE-2019-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418>)\n * 
[CVE-2019-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1420>)\n * [CVE-2019-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1422>)\n * [CVE-2019-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423>)\n * [CVE-2019-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424>)\n * [CVE-2019-1425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425>)\n * [CVE-2019-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1432>)\n * [CVE-2019-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1433>)\n * [CVE-2019-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1434>)\n * [CVE-2019-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1435>)\n * [CVE-2019-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1436>)\n * [CVE-2019-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1437>)\n * [CVE-2019-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1438>)\n * [CVE-2019-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1439>)\n * [CVE-2019-1440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1440>)\n * [CVE-2019-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1442>)\n * [CVE-2019-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443>)\n * [CVE-2019-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1445>)\n * [CVE-2019-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1446>)\n * [CVE-2019-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1447>)\n * 
[CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>)\n * [CVE-2019-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1449>)\n * [CVE-2019-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1456>)\n * [CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>)\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 46548, 46549, 52205 - 52209, 52212, 52213, 52216, 52217 - 52225, 52228 - 52234, 52239, 52240\n\n", "cvss3": {}, "published": "2019-11-12T11:58:09", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Nov. 
2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0721", "CVE-2019-1020", "CVE-2019-11135", "CVE-2019-1234", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1370", "CVE-2019-1373", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1402", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1425", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1430", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1441", "CVE-2019-1442", "CVE-2019-1443", "CVE-2019-1445", "CVE-2019-1446", "CVE-2019-1447", "CVE-2019-1448", "CVE-2019-1449", "CVE-2019-1456"], "modified": "2019-11-12T11:58:09", "id": "TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/RA0KAo5GE1Y/microsoft-patch-tuesday-nov-2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}