{"id": "SMNTC-110792", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Windows Subsystem for Linux CVE-2019-1416 Local Privilege Escalation Vulnerability", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-11-12T00:00:00", "modified": "2019-11-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110792", "reporter": "Symantec Security Response", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416"], "cvelist": ["CVE-2019-1416"], "lastseen": "2019-11-13T21:21:38", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-1416"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1416"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815837", "OPENVAS:1361412562310815720", "OPENVAS:1361412562310815835"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_NOV_4524570.NASL", "SMB_NT_MS19_NOV_4525241.NASL", "SMB_NT_MS19_NOV_4523205.NASL", "SMB_NT_MS19_NOV_4525237.NASL"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"]}], "modified": "2019-11-13T21:21:38", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2019-11-13T21:21:38", "rev": 2}, "vulnersScore": 6.4}, "affectedSoftware": [{"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 version 1709 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for x64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1809 for ARM64-based Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for ARM64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1803"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1709 for ARM64-based Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "1903"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1903 for 32-bit Systems"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for 32-bit Systems"}, {"name": "Microsoft Windows Server", "operator": "eq", "version": "2019"}, {"name": "Microsoft Windows", "operator": "eq", "version": "10 Version 1803 for ARM64-based Systems"}], "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T07:12:51", "description": "An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.", "edition": 6, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-12T19:15:00", "title": "CVE-2019-1416", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1416"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2019-1416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1416", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2021-03-18T19:16:08", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1416"], "description": "An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\n\nThe security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.\n", "modified": "2019-11-12T08:00:00", "id": "MS:CVE-2019-1416", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1416", "published": "2019-11-12T08:00:00", "type": "mscve", "title": "Windows Subsystem for Linux Elevation of Privilege Vulnerability", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-07-21T20:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "description": "This host is missing a critical security\n update according to Microsoft KB4525241", "modified": "2020-07-17T00:00:00", "published": "2019-11-13T00:00:00", "id": "OPENVAS:1361412562310815720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815720", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525241)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815720\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0721\", \"CVE-2019-11135\",\n \"CVE-2019-1422\", \"CVE-2019-1424\", \"CVE-2019-1426\", \"CVE-2019-1309\",\n \"CVE-2019-1324\", \"CVE-2019-1374\", \"CVE-2019-1380\", \"CVE-2019-1428\",\n \"CVE-2019-1429\", \"CVE-2019-1381\", \"CVE-2019-1382\", \"CVE-2019-1383\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1384\",\n \"CVE-2019-1385\", \"CVE-2019-1388\", \"CVE-2019-1389\", \"CVE-2019-1438\",\n \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1390\", \"CVE-2019-1391\",\n \"CVE-2019-1393\", \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1456\",\n \"CVE-2019-1396\", \"CVE-2019-1397\", \"CVE-2019-1398\", \"CVE-2019-1406\",\n \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\",\n \"CVE-2019-1413\", \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\",\n \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1399\",\n \"CVE-2019-1405\", \"CVE-2019-0719\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:47:51 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525241)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525241\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows improperly handles objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - Scripting engine improperly handles objects in memory in Internet Explorer.\n\n - Windows Servicing Stack allows access to unprivileged file locations.\n\n - ActiveX Installer service allows access to files without proper authentication.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, gain access to sensitive data, elevate\n privileges and conduct denial of service attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525241\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.1503\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.1503\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1437", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1379", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "description": "This host is missing a critical security\n update according to Microsoft KB4523205", "modified": "2020-07-17T00:00:00", "published": "2019-11-13T00:00:00", "id": "OPENVAS:1361412562310815835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815835", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4523205)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815835\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-0721\",\n \"CVE-2019-11135\", \"CVE-2019-1309\", \"CVE-2019-1310\", \"CVE-2019-1324\",\n \"CVE-2019-1374\", \"CVE-2019-1379\", \"CVE-2019-1380\", \"CVE-2019-1381\",\n \"CVE-2019-1382\", \"CVE-2019-1383\", \"CVE-2019-1384\", \"CVE-2019-1385\",\n \"CVE-2019-1388\", \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\",\n \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\",\n \"CVE-2019-1398\", \"CVE-2019-1399\", \"CVE-2019-1405\", \"CVE-2019-1406\",\n \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\", \"CVE-2019-1413\",\n \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\", \"CVE-2019-1418\",\n \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1422\", \"CVE-2019-1424\",\n \"CVE-2019-1426\", \"CVE-2019-1427\", \"CVE-2019-1428\", \"CVE-2019-1429\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1437\",\n \"CVE-2019-1438\", \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 09:08:41 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4523205)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4523205\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows DirectWrite improperly discloses the contents of its memory.\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Windows Installer improperly handles certain filesystem operations.\n\n - Windows Error Reporting (WER) improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Data Sharing Service improperly handles file operations.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM object\n creation.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to disclose sensitive information, cause the host server to crash, execute code\n with elevated permissions, elevate privileges and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4523205\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Userenv.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.830\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Userenv.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.830\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1407", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "description": "This host is missing a critical security\n update according to Microsoft KB4525237", "modified": "2020-07-17T00:00:00", "published": "2019-11-13T00:00:00", "id": "OPENVAS:1361412562310815837", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815837", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4525237)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815837\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12207\", \"CVE-2019-0712\", \"CVE-2019-0719\", \"CVE-2019-0721\",\n \"CVE-2019-11135\", \"CVE-2019-1309\", \"CVE-2019-1310\", \"CVE-2019-1324\",\n \"CVE-2019-1374\", \"CVE-2019-1380\", \"CVE-2019-1381\", \"CVE-2019-1382\",\n \"CVE-2019-1383\", \"CVE-2019-1384\", \"CVE-2019-1385\", \"CVE-2019-1388\",\n \"CVE-2019-1389\", \"CVE-2019-1390\", \"CVE-2019-1391\", \"CVE-2019-1393\",\n \"CVE-2019-1394\", \"CVE-2019-1395\", \"CVE-2019-1396\", \"CVE-2019-1397\",\n \"CVE-2019-1398\", \"CVE-2019-1399\", \"CVE-2019-1405\", \"CVE-2019-1406\",\n \"CVE-2019-1407\", \"CVE-2019-1408\", \"CVE-2019-1409\", \"CVE-2019-1411\",\n \"CVE-2019-1413\", \"CVE-2019-1415\", \"CVE-2019-1416\", \"CVE-2019-1417\",\n \"CVE-2019-1418\", \"CVE-2019-1419\", \"CVE-2019-1420\", \"CVE-2019-1422\",\n \"CVE-2019-1424\", \"CVE-2019-1426\", \"CVE-2019-1428\", \"CVE-2019-1429\",\n \"CVE-2019-1433\", \"CVE-2019-1435\", \"CVE-2019-1436\", \"CVE-2019-1438\",\n \"CVE-2019-1439\", \"CVE-2019-1440\", \"CVE-2019-1456\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-13 10:37:52 +0530 (Wed, 13 Nov 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4525237)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4525237\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Hyper-V Network Switch on a host server fails to properly validate\n input from a privileged user on a guest operating system.\n\n - Windows Installer improperly handles certain filesystem operations.\n\n - Windows Error Reporting (WER) improperly handles objects in memory.\n\n - Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets.\n\n - The win32k component improperly provides kernel information.\n\n - Windows Universal Plug and Play (UPnP) service improperly allows COM object\n creation.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Graphics Component improperly handles objects in memory.\n\n - Scripting engine improperly handles objects in memory in Microsoft Edge\n (HTML-based).\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to crash host server, execute code with elevated permissions, obtain information\n to further compromise the user's system, elevate privileges on an affected system\n and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4525237\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer)\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.1129\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.1129\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-08-19T05:13:44", "description": "The remote Windows host is missing security update 4525237.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "KB4525237: Windows 10 Version 1803 November 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1407", "CVE-2019-1454", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525237.NASL", "href": "https://www.tenable.com/plugins/nessus/130907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130907);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525237\");\n script_xref(name:\"MSFT\", value:\"MS19-4525237\");\n\n script_name(english:\"KB4525237: Windows 10 Version 1803 November 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525237.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4525237/windows-10-update-kb4525237\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2194d569\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525237.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525237');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525237])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:42", "description": "The remote Windows host is missing security update 4523205.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CCVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1379, CVE-2019-1383,\n CVE-2019-1417)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "KB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1454", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1437", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1379", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4523205.NASL", "href": "https://www.tenable.com/plugins/nessus/130901", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130901);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1379\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1437\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4523205\");\n script_xref(name:\"MSFT\", value:\"MS19-4523205\");\n\n script_name(english:\"KB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4523205.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CCVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1379, CVE-2019-1383,\n CVE-2019-1417)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4523205/windows-10-update-kb4523205\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fabe75f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4523205.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4523205');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4523205])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:42", "description": "The remote Windows host is missing security update 4524570. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A remote code execution vulnerability exists when\n Windows Media Foundation improperly parses specially\n crafted QuickTime media files. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. Users whose accounts\n are configured to have fewer user rights on the system\n could be less impacted than users who operate with\n administrative user rights. (CVE-2019-1430)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the StartTileData.dll handles file creation in\n protected locations. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1423)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "KB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1454", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1423", "CVE-2019-1394", "CVE-2019-1437", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1430", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4524570.NASL", "href": "https://www.tenable.com/plugins/nessus/130902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130902);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1310\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1423\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1430\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1437\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4524570\");\n script_xref(name:\"MSFT\", value:\"MS19-4524570\");\n\n script_name(english:\"KB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4524570. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A remote code execution vulnerability exists when\n Windows Media Foundation improperly parses specially\n crafted QuickTime media files. An attacker who\n successfully exploited this vulnerability could gain the\n same user rights as the local user. Users whose accounts\n are configured to have fewer user rights on the system\n could be less impacted than users who operate with\n administrative user rights. (CVE-2019-1430)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1397, CVE-2019-1398)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - An elevation of privilege vulnerability exists in the\n way that the StartTileData.dll handles file creation in\n protected locations. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1423)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437,\n CVE-2019-1438)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4524570/windows-10-update-kb4524570\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?864f0755\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4524570.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1430\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4524570');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4524570])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4524570])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:13:45", "description": "The remote Windows host is missing security update 4525241.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "KB4525241: Windows 10 Version 1709 November 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1407", "CVE-2019-1454", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1429", "CVE-2019-1382", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1428", "CVE-2019-1436", "CVE-2019-1394", "CVE-2019-1406", "CVE-2019-1390", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-1426", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1413", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1427", "CVE-2019-1418", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_NOV_4525241.NASL", "href": "https://www.tenable.com/plugins/nessus/130908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130908);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-0712\",\n \"CVE-2019-0719\",\n \"CVE-2019-0721\",\n \"CVE-2019-1309\",\n \"CVE-2019-1324\",\n \"CVE-2019-1374\",\n \"CVE-2019-1380\",\n \"CVE-2019-1381\",\n \"CVE-2019-1382\",\n \"CVE-2019-1383\",\n \"CVE-2019-1384\",\n \"CVE-2019-1385\",\n \"CVE-2019-1388\",\n \"CVE-2019-1389\",\n \"CVE-2019-1390\",\n \"CVE-2019-1391\",\n \"CVE-2019-1393\",\n \"CVE-2019-1394\",\n \"CVE-2019-1395\",\n \"CVE-2019-1396\",\n \"CVE-2019-1397\",\n \"CVE-2019-1398\",\n \"CVE-2019-1399\",\n \"CVE-2019-1405\",\n \"CVE-2019-1406\",\n \"CVE-2019-1407\",\n \"CVE-2019-1408\",\n \"CVE-2019-1409\",\n \"CVE-2019-1411\",\n \"CVE-2019-1413\",\n \"CVE-2019-1415\",\n \"CVE-2019-1416\",\n \"CVE-2019-1417\",\n \"CVE-2019-1418\",\n \"CVE-2019-1419\",\n \"CVE-2019-1420\",\n \"CVE-2019-1422\",\n \"CVE-2019-1424\",\n \"CVE-2019-1426\",\n \"CVE-2019-1427\",\n \"CVE-2019-1428\",\n \"CVE-2019-1429\",\n \"CVE-2019-1433\",\n \"CVE-2019-1435\",\n \"CVE-2019-1436\",\n \"CVE-2019-1438\",\n \"CVE-2019-1439\",\n \"CVE-2019-1440\",\n \"CVE-2019-1454\",\n \"CVE-2019-1456\",\n \"CVE-2019-11135\"\n );\n script_xref(name:\"MSKB\", value:\"4525241\");\n script_xref(name:\"MSFT\", value:\"MS19-4525241\");\n\n script_name(english:\"KB4525241: Windows 10 Version 1709 November 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4525241.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Windows Netlogon improperly handles a secure\n communications channel. An attacker who successfully\n exploited the vulnerability could downgrade aspects of\n the connection allowing for further modification of the\n transmission. (CVE-2019-1424)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-11135)\n\n - An information disclosure vulnerability exists in the\n way Windows Error Reporting (WER) handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2019-1374)\n\n - A local elevation of privilege vulnerability exists in\n how splwow64.exe handles certain calls. An attacker who\n successfully exploited the vulnerability could elevate\n privileges on an affected system from low-integrity to\n medium-integrity. This vulnerability by itself does not\n allow arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability (such as a remote\n code execution vulnerability or another elevation of\n privilege vulnerability) that is capable of leveraging\n the elevated privileges when code execution is\n attempted. The security update addresses the\n vulnerability by ensuring splwow64.exe properly handles\n these calls.. (CVE-2019-1380)\n\n - An elevation of privilege vulnerability exists due to a\n race condition in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1416)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Internet Explorer. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2019-1429)\n\n - A security feature bypass vulnerability exists where a\n NETLOGON message is able to obtain the session key and\n sign messages. (CVE-2019-1384)\n\n - An elevation of privilege vulnerability exists when the\n Windows Graphics Component improperly handles objects in\n memory. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435,\n CVE-2019-1438)\n\n - An information vulnerability exists when Windows Modules\n Installer Service improperly discloses file information.\n Successful exploitation of the vulnerability could allow\n the attacker to read the contents of a log file on disk.\n (CVE-2019-1418)\n\n - An elevation of privilege vulnerability exists when the\n Windows User Profile Service (ProfSvc) improperly\n handles symlinks. An attacker who successfully exploited\n this vulnerability could delete files and folders in an\n elevated context. (CVE-2019-1454)\n\n - An elevation of privilege vulnerability exists in the\n Windows Certificate Dialog when it does not properly\n enforce user privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1388)\n\n - An information disclosure vulnerability exists when the\n Windows TCP/IP stack improperly handles IPv6 flowlabel\n filled in packets. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1324)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Network Switch on a host server fails to\n properly validate input from a privileged user on a\n guest operating system. An attacker who successfully\n exploited the vulnerability could cause the host server\n to crash. (CVE-2019-0712, CVE-2019-1309)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2018-12207,\n CVE-2019-1391)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-1393, CVE-2019-1394,\n CVE-2019-1395, CVE-2019-1396, CVE-2019-1408)\n\n - An elevation of privilege vulnerability exists in\n Windows Installer because of the way Windows Installer\n handles certain filesystem operations. (CVE-2019-1415)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V Network Switch on a host server fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0719, CVE-2019-0721)\n\n - An information disclosure vulnerability exists when\n DirectWrite improperly discloses the contents of its\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how DirectWrite handles objects in memory.\n (CVE-2019-1411)\n\n - An information disclosure vulnerability exists when the\n Windows Servicing Stack allows access to unprivileged\n file locations. An attacker who successfully exploited\n the vulnerability could potentially access unauthorized\n files. (CVE-2019-1381)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1390)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-1439)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1406)\n\n - An elevation of privilege vulnerability exists when the\n Windows Universal Plug and Play (UPnP) service\n improperly allows COM object creation. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code with elevated system privileges. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2019-1405)\n\n - A remote code execution vulnerability exists when\n Windows Hyper-V on a host server fails to properly\n validate input from an authenticated user on a guest\n operating system. (CVE-2019-1389, CVE-2019-1397,\n CVE-2019-1398)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows when the Windows Adobe Type Manager\n Library improperly handles specially crafted OpenType\n fonts. For all systems except Windows 10, an attacker\n who successfully exploited the vulnerability could\n execute code remotely. For systems running Windows 10,\n an attacker who successfully exploited the vulnerability\n could execute code in an AppContainer sandbox context\n with limited privileges and capabilities. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n There are multiple ways an attacker could exploit the\n vulnerability, such as by either convincing a user to\n open a specially crafted document, or by convincing a\n user to visit a webpage that contains specially crafted\n embedded OpenType fonts. The update addresses the\n vulnerability by correcting how the Windows Adobe Type\n Manager Library handles OpenType fonts. (CVE-2019-1419,\n CVE-2019-1456)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V on a host server fails to properly validate\n input from a privileged user on a guest operating\n system. (CVE-2019-1399)\n\n - An elevation of privilege vulnerability exists when the\n Windows Data Sharing Service improperly handles file\n operations. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could exploit this vulnerability by\n running a specially crafted application on the victim\n system. The update addresses the vulnerability by\n correcting the way the Windows Data Sharing Service\n handles file operations. (CVE-2019-1383, CVE-2019-1417)\n\n - An elevation of privilege vulnerability exists when\n ActiveX Installer service may allow access to files\n without proper authentication. An attacker who\n successfully exploited the vulnerability could\n potentially access unauthorized files. (CVE-2019-1382)\n\n - An information disclosure vulnerability exists when the\n Windows Remote Procedure Call (RPC) runtime improperly\n initializes objects in memory. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the users system.\n (CVE-2019-1409)\n\n - An elevation of privilege vulnerability exists in the\n way that the dssvc.dll handles file creation allowing\n for a file overwrite or creation in a secured location.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2019-1420)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1436, CVE-2019-1440)\n\n - An elevation of privilege vulnerability exists in the\n way that the iphlpsvc.dll handles file creation allowing\n for a file overwrite. An attacker who successfully\n exploited the vulnerability could execute code with\n elevated permissions. (CVE-2019-1422)\n\n - An elevation of privilege vulnerability exists when the\n Windows AppX Deployment Extensions improperly performs\n privilege management, resulting in access to system\n files. (CVE-2019-1385)\");\n # https://support.microsoft.com/en-us/help/4525241/windows-10-update-kb4525241\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df32672c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4525241.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1406\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-11\";\nkbs = make_list('4525241');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"11_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4525241])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:09", "bulletinFamily": "info", "cvelist": ["CVE-2019-1407", "CVE-2019-1454", "CVE-2019-1439", "CVE-2019-1385", "CVE-2019-1433", "CVE-2019-1415", "CVE-2019-1398", "CVE-2019-1396", "CVE-2019-1382", "CVE-2019-1434", "CVE-2019-1324", "CVE-2019-1397", "CVE-2019-1388", "CVE-2019-1435", "CVE-2019-1440", "CVE-2019-1436", "CVE-2019-1423", "CVE-2019-1394", "CVE-2019-1437", "CVE-2019-1406", "CVE-2019-1411", "CVE-2018-12207", "CVE-2019-0721", "CVE-2019-1420", "CVE-2019-1399", "CVE-2019-1393", "CVE-2019-1430", "CVE-2019-11135", "CVE-2019-1438", "CVE-2019-1310", "CVE-2019-1408", "CVE-2019-1456", "CVE-2019-1391", "CVE-2019-1422", "CVE-2019-1409", "CVE-2019-1384", "CVE-2019-1395", "CVE-2019-0712", "CVE-2019-1309", "CVE-2019-1383", "CVE-2019-1419", "CVE-2019-1379", "CVE-2019-1417", "CVE-2019-1381", "CVE-2019-1389", "CVE-2019-1392", "CVE-2019-1424", "CVE-2019-1405", "CVE-2019-1432", "CVE-2019-1418", "CVE-2019-1412", "CVE-2019-1416", "CVE-2019-1380", "CVE-2019-1374", "CVE-2019-0719"], "description": "### *Detect date*:\n11/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1903 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows Server 2012 R2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows RT 8.1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1415](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1415>) \n[CVE-2019-1411](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1411>) \n[CVE-2019-0712](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0712>) \n[CVE-2019-1424](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1424>) \n[CVE-2019-1399](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1399>) \n[CVE-2019-1396](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1396>) \n[CVE-2019-1395](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1395>) \n[CVE-2019-1439](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1439>) \n[CVE-2019-1309](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1309>) \n[CVE-2019-1324](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1324>) \n[CVE-2019-1417](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1417>) \n[CVE-2019-1420](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1420>) \n[CVE-2019-1430](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1430>) \n[CVE-2019-1454](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1454>) \n[CVE-2018-12207](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-12207>) \n[CVE-2019-1406](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1406>) \n[CVE-2019-1382](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1382>) \n[CVE-2019-1391](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1391>) \n[CVE-2019-11135](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-11135>) \n[CVE-2019-1383](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1383>) \n[CVE-2019-1385](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1385>) \n[CVE-2019-1394](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1394>) \n[CVE-2019-1434](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1434>) \n[CVE-2019-1440](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1440>) \n[CVE-2019-1310](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1310>) \n[CVE-2019-1433](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1433>) \n[CVE-2019-1418](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1418>) \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0721>) \n[CVE-2019-1432](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1432>) \n[CVE-2019-1409](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1409>) \n[CVE-2019-1437](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1437>) \n[CVE-2019-1389](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1389>) \n[CVE-2019-1393](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1393>) \n[CVE-2019-1381](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1381>) \n[CVE-2019-1392](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1392>) \n[CVE-2019-1436](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1436>) \n[CVE-2019-0719](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0719>) \n[CVE-2019-1380](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1380>) \n[CVE-2019-1384](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1384>) \n[CVE-2019-1419](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1419>) \n[CVE-2019-1408](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1408>) \n[CVE-2019-1456](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1456>) \n[CVE-2019-1412](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1412>) \n[CVE-2019-1397](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1397>) \n[CVE-2019-1398](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1398>) \n[CVE-2019-1379](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1379>) \n[CVE-2019-1416](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1416>) \n[CVE-2019-1388](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1388>) \n[CVE-2019-1405](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1405>) \n[CVE-2019-1374](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1374>) \n[CVE-2019-1438](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1438>) \n[CVE-2019-1435](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1435>) \n[CVE-2019-1423](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1423>) \n[CVE-2019-1422](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1422>) \n[CVE-2019-1407](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1407>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1415](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1415>)0.0Unknown \n[CVE-2019-1411](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1411>)0.0Unknown \n[CVE-2019-0712](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0712>)0.0Unknown \n[CVE-2019-1424](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1424>)0.0Unknown \n[CVE-2019-1399](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1399>)0.0Unknown \n[CVE-2019-1396](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1396>)0.0Unknown \n[CVE-2019-1395](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1395>)0.0Unknown \n[CVE-2019-1439](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1439>)0.0Unknown \n[CVE-2019-1309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1309>)0.0Unknown \n[CVE-2019-1324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1324>)0.0Unknown \n[CVE-2019-1417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1417>)0.0Unknown \n[CVE-2019-1420](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1420>)0.0Unknown \n[CVE-2019-1430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1430>)0.0Unknown \n[CVE-2019-1454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1454>)0.0Unknown \n[CVE-2018-12207](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207>)0.0Unknown \n[CVE-2019-1406](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1406>)0.0Unknown \n[CVE-2019-1382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1382>)0.0Unknown \n[CVE-2019-1391](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1391>)0.0Unknown \n[CVE-2019-11135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135>)0.0Unknown \n[CVE-2019-1383](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1383>)0.0Unknown \n[CVE-2019-1385](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1385>)0.0Unknown \n[CVE-2019-1394](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1394>)0.0Unknown \n[CVE-2019-1434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1434>)0.0Unknown \n[CVE-2019-1440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1440>)0.0Unknown \n[CVE-2019-1310](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1310>)0.0Unknown \n[CVE-2019-1433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1433>)0.0Unknown \n[CVE-2019-1418](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1418>)0.0Unknown \n[CVE-2019-0721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0721>)0.0Unknown \n[CVE-2019-1432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1432>)0.0Unknown \n[CVE-2019-1409](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1409>)0.0Unknown \n[CVE-2019-1437](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1437>)0.0Unknown \n[CVE-2019-1389](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1389>)0.0Unknown \n[CVE-2019-1393](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1393>)0.0Unknown \n[CVE-2019-1381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1381>)0.0Unknown \n[CVE-2019-1392](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1392>)0.0Unknown \n[CVE-2019-1436](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1436>)0.0Unknown \n[CVE-2019-0719](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0719>)0.0Unknown \n[CVE-2019-1380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1380>)0.0Unknown \n[CVE-2019-1384](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1384>)0.0Unknown \n[CVE-2019-1419](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1419>)0.0Unknown \n[CVE-2019-1408](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1408>)0.0Unknown \n[CVE-2019-1456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1456>)0.0Unknown \n[CVE-2019-1412](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1412>)0.0Unknown \n[CVE-2019-1397](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1397>)0.0Unknown \n[CVE-2019-1398](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1398>)0.0Unknown \n[CVE-2019-1379](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1379>)0.0Unknown \n[CVE-2019-1416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1416>)0.0Unknown \n[CVE-2019-1388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1388>)0.0Unknown \n[CVE-2019-1405](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1405>)0.0Unknown \n[CVE-2019-1374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1374>)0.0Unknown \n[CVE-2019-1438](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1438>)0.0Unknown \n[CVE-2019-1435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1435>)0.0Unknown \n[CVE-2019-1423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1423>)0.0Unknown \n[CVE-2019-1422](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1422>)0.0Unknown \n[CVE-2019-1407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1407>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4520010](<http://support.microsoft.com/kb/4520010>) \n[4520008](<http://support.microsoft.com/kb/4520008>) \n[4520007](<http://support.microsoft.com/kb/4520007>) \n[4519998](<http://support.microsoft.com/kb/4519998>) \n[4520005](<http://support.microsoft.com/kb/4520005>) \n[4519990](<http://support.microsoft.com/kb/4519990>) \n[4519985](<http://support.microsoft.com/kb/4519985>) \n[4517389](<http://support.microsoft.com/kb/4517389>) \n[4519338](<http://support.microsoft.com/kb/4519338>) \n[4520011](<http://support.microsoft.com/kb/4520011>) \n[4520004](<http://support.microsoft.com/kb/4520004>) \n[4525246](<http://support.microsoft.com/kb/4525246>) \n[4525243](<http://support.microsoft.com/kb/4525243>) \n[4524570](<http://support.microsoft.com/kb/4524570>) \n[4525237](<http://support.microsoft.com/kb/4525237>) \n[4525232](<http://support.microsoft.com/kb/4525232>) \n[4525236](<http://support.microsoft.com/kb/4525236>) \n[4523205](<http://support.microsoft.com/kb/4523205>) \n[4525241](<http://support.microsoft.com/kb/4525241>) \n[4525250](<http://support.microsoft.com/kb/4525250>) \n[4525253](<http://support.microsoft.com/kb/4525253>)", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-11-12T00:00:00", "id": "KLA11608", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11608", "title": "\r KLA11608Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-11-17T18:28:30", "bulletinFamily": "blog", "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0721", "CVE-2019-1020", "CVE-2019-11135", "CVE-2019-1234", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1370", "CVE-2019-1373", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1402", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1425", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1430", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1441", "CVE-2019-1442", "CVE-2019-1443", "CVE-2019-1445", "CVE-2019-1446", "CVE-2019-1447", "CVE-2019-1448", "CVE-2019-1449", "CVE-2019-1456"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The [latest Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) discloses 75 vulnerabilities, 13 of which are considered \"critical,\" with the rest being deemed \"important.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>) \u2014a [remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>) in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight [here](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>). We are also [disclosing a remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html>) in Microsoft Media Foundation. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/11/snort-rule-update-for-nov-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 13 critical vulnerabilities this month, nine of which we will highlight below. \n \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>), [CVE-2019-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>), [CVE-2019-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397>) and [CVE-2019-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>) are all vulnerabilities in Windows Hyper-V that could allow an attacker to remotely execute code on the victim machine. These bugs arise when Hyper-V on a host server improperly validates input from an authenticated user on a guest operating system. An attacker can exploit these vulnerabilities by running a specially crafted application on a guest OS. This could allow a malicious user to escape the hypervisor or a sandbox. \n \n[CVE-2019-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390>) is a remote code execution vulnerability in VBScript. This vulnerability could allow an attacker to corrupt memory in a way that would enable them to execute remote code in the context of the current user. A user could trigger this vulnerability by visiting an attacker-created website while using the Internet Explorer browser, or by opening an Office document or application that contains an ActiveX control marked \"safe for initialization.\" \n \n[CVE-2019-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1426>),[ CVE-2019-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427>), [CVE-2019-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428>) and [CVE-2019-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429>) are memory corruption vulnerabilities in the Microsoft Scripting Engine that could lead to remote code execution. The bugs exist in the way the Microsoft Edge web browser handles objects in memory. A user could trigger these vulnerabilities by visiting an attacker-controlled website in Edge. \n \nThe four other critical vulnerabilities are: \n\n\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n * [CVE-2019-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419>)\n * [CVE-2019-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430>)\n * [CVE-2019-1441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441>)\n\n### Important vulnerabilities\n\nThis release also contains 62 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-1020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1020>) is a security feature bypass vulnerability in the Windows secure boot process. An attacker could run a specially crafted application to bypass secure boot and load malicious software. This security update fixes the issue by blocking vulnerable third-party bootloaders. An update also needs to be applied to Windows Defender. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2018-12207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-12207>)\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-11135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135>)\n * [CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)\n * [CVE-2019-1309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309>)\n * [CVE-2019-1310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310>)\n * [CVE-2019-1324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1324>)\n * [CVE-2019-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1370>)\n * [CVE-2019-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1374>)\n * [CVE-2019-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1379>)\n * [CVE-2019-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1380>)\n * [CVE-2019-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1381>)\n * [CVE-2019-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1382>)\n * [CVE-2019-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1383>)\n * [CVE-2019-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384>)\n * [CVE-2019-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385>)\n * [CVE-2019-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388>)\n * [CVE-2019-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1391>)\n * [CVE-2019-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392>)\n * [CVE-2019-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1393>)\n * [CVE-2019-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1394>)\n * [CVE-2019-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1395>)\n * [CVE-2019-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1396>)\n * [CVE-2019-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399>)\n * [CVE-2019-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402>)\n * [CVE-2019-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405>)\n * [CVE-2019-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1406>)\n * [CVE-2019-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1407>)\n * [CVE-2019-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1408>)\n * [CVE-2019-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1409>)\n * [CVE-2019-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411>)\n * [CVE-2019-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412>)\n * [CVE-2019-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1413>)\n * [CVE-2019-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415>)\n * [CVE-2019-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416>)\n * [CVE-2019-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1417>)\n * [CVE-2019-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418>)\n * [CVE-2019-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1420>)\n * [CVE-2019-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1422>)\n * [CVE-2019-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423>)\n * [CVE-2019-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424>)\n * [CVE-2019-1425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425>)\n * [CVE-2019-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1432>)\n * [CVE-2019-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1433>)\n * [CVE-2019-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1434>)\n * [CVE-2019-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1435>)\n * [CVE-2019-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1436>)\n * [CVE-2019-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1437>)\n * [CVE-2019-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1438>)\n * [CVE-2019-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1439>)\n * [CVE-2019-1440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1440>)\n * [CVE-2019-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1442>)\n * [CVE-2019-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443>)\n * [CVE-2019-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1445>)\n * [CVE-2019-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1446>)\n * [CVE-2019-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1447>)\n * [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>)\n * [CVE-2019-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1449>)\n * [CVE-2019-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1456>)\n * [CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>)\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 46548, 46549, 52205 - 52209, 52212, 52213, 52216, 52217 - 52225, 52228 - 52234, 52239, 52240\n\n", "modified": "2019-11-12T11:58:09", "published": "2019-11-12T11:58:09", "id": "TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/RA0KAo5GE1Y/microsoft-patch-tuesday-nov-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Nov. 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}