{"id": "THREATPOST:D22DCF190C71B12772E59B68DFA9CCD0", "type": "threatpost", "bulletinFamily": "info", "title": "Critical Microsoft Remote Desktop Flaw Fixed in Security Update", "description": "Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims\u2019 machines.\n\nOverall, Microsoft issued fixes for 59 vulnerabilities \u2013 including nine critical, 49 important and one moderate in severity.\n\n\u201cThis month, the Microsoft release is on the smaller side, with security patches for 59 CVEs and no new advisories,\u201d said Dustin Childs, with the Zero Day Initiative. \u201cThe updates cover Microsoft Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Microsoft Dynamics 365, Windows Update Assistant and Open Source Software,\u201d he wrote in [his breakdown of Microsoft Patch Tuesday security updates](<https://www.zerodayinitiative.com/blog/2019/10/8/the-october-security-update-review>).\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nOne of the critical flaws highlighted by Childs includes a troublesome remote code execution vulnerability ([CVE-2019-1333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333>)) that \u201cexists in the Windows Remote Desktop Client when a user connects to a malicious server.\u201d\n\nThe flaw specifically involves Remote Desktop client machines that connect to servers via Remote Desktop Protocol (RDP). RDP is a protocol offered by Microsoft \u2013 and used by thousands of enterprises globally \u2013 that allows workers to remotely connect their client machines to servers in order to connect to corporate resources. Remote Desktop clients installed on user machines allow them to connect to a remote server host using the RDP protocol. The vulnerability specifically exists when a RDP client connects to a malicious RDP server.\n\nIn order for the attacker to exploit the vulnerability, an attacker must first compromise a legitimate RDP server by hosting malicious code on it. Next, they must convince the user of a client machine to connect to the server (likely through social engineering). If an attacker is successful, and convinces a client user to connect to the malicious server, he can then remotely send commands to the victim\u2019s machine to installing programs, view and chang data and create new accounts with full user rights, Microsoft said.\n\nVulnerabilities [in Windows Remote Desktop](<https://threatpost.com/wormable-remote-desktop-bugs-august-patch-tuesday/147302/>) continue to plague Microsoft. In July, an infamous critical vulnerability CVE- 2019-0708) was disclosed. The flaw, [called BlueKeep](<https://threatpost.com/fearing-wannacry-level-danger-enterprises-wrestle-with-bluekeep/146727/>), was highly wormable and enabled remote code execution.\n\nHowever, luckily \u201cunlike the infamous BlueKeep RDP vulnerability, (CVE-2019-1333) requires user interaction for an attack to be successful,\u201d said Robert Foggia with Trustwave [in an analysis](<https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/patch-tuesday-october-2019/>). \u201cAn attacker could exploit this vulnerability by convincing a victim to connect to a malicious RDP server.\n\nDespite that, Microsoft still thinks CVE-2019-1333 is a high-risk flaw, [ranking it](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333>) on its \u201cexploitability index\u201d tool as a 1 out of 3, meaning that \u201cexploitation is more likely.\u201d To fix the flaw, Microsoft said that it corrected \u201chow the Windows Remote Desktop Client handles connection requests.\u201d\n\nOn Tuesday, Microsoft also issued an \u201cimportant\u201d fix for a denial-of-service flaw (CVE-2019-1326) in RDP. An attacker could exploit this flaw by connecting to a server using RDP and sending the server specially crafted requests. The requests would cause the RDP service on the vulnerable server to crash.\n\n## Other Critical Flaws\n\nOther critical vulnerabilities of note include two remote code execution flaws (CVE-2019-1238, CVE-2019-1239) in VBScript, the language developed by Microsoft that is modeled on Visual Basic. The vulnerabilities stem from the way VBScript handles memory, and could be exploited to execute arbitrary code on victim\u2019s machine. In order to exploit the flaw, a bad actor would first need to trick users into visiting a specially crafted, malicious website through Internet Explorer.\n\nFour critical memory corruption flaws (CVE-2019-1307, CVE-2019-1308, CVE-2019-1335 and CVE-2019-1366) were patched in the Chakra Scripting Engine, a JavaScript engine developed by Microsoft for its Microsoft Edge web browser.\n\n\u201cAn attacker could use these bugs to corrupt memory on the victim machine in a way that would allow them to remotely execute arbitrary code,\u201d according to Jon Munshaw with Cisco Talos [in an analysis](<https://blog.talosintelligence.com/2019/10/microsoft-patch-tuesday-oct-2019.html>). \u201cA user could trigger these vulnerabilities by visiting a specially crafted, malicious website in Edge.\u201d\n\nAnd, Microsoft patched an elevation of privilege flaw in Azure Stack ([CVE-2019-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>)). This vulnerability stems from the Azure App Service, which fails to properly check the length of a buffer before copying memory to it. That could result in an attacker exploiting this vulnerability \u201cto copy any function run by the user, thereby executing code in the context of NT AUTHORITY/system, which could allow the attacker to escape a sandbox,\u201d according to [Microsoft\u2019s advisory.](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>)\n\nUnlike its [September](<https://threatpost.com/microsoft-addresses-two-zero-days-under-active-attack/148185/>) and [August](<https://threatpost.com/microsoft-addresses-two-zero-days-under-active-attack/148185/>) Patch Tuesday releases, there are no zero days in this most recent update; Microsoft said that it has not yet seen any of the vulnerabilities exploited in the wild.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "published": "2019-10-08T19:55:56", "modified": "2019-10-08T19:55:56", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://threatpost.com/critical-microsoft-remote-desktop-flaw-fixed-in-security-update/148982/", "reporter": "Lindsey O'Donnell", "references": ["https://www.zerodayinitiative.com/blog/2019/10/8/the-october-security-update-review", "https://threatpost.com/newsletter-sign/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333", "https://threatpost.com/wormable-remote-desktop-bugs-august-patch-tuesday/147302/", "https://threatpost.com/fearing-wannacry-level-danger-enterprises-wrestle-with-bluekeep/146727/", "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/patch-tuesday-october-2019/", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333", "https://blog.talosintelligence.com/2019/10/microsoft-patch-tuesday-oct-2019.html", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372", "https://threatpost.com/microsoft-addresses-two-zero-days-under-active-attack/148185/", "https://threatpost.com/microsoft-addresses-two-zero-days-under-active-attack/148185/", "https://register.gotowebinar.com/register/9029717654543174147?source=ART", "https://register.gotowebinar.com/register/9029717654543174147?source=ART"], "cvelist": ["CVE-2019-1238", "CVE-2019-1239", "CVE-2019-1307", "CVE-2019-1308", "CVE-2019-1326", "CVE-2019-1333", "CVE-2019-1335", "CVE-2019-1366", "CVE-2019-1372", "CVE-2020-4703", "CVE-2020-4711"], "lastseen": "2020-09-15T22:21:36", "viewCount": 120, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-1239", "CVE-2019-1326", "CVE-2019-1333", "CVE-2019-1307", "CVE-2019-1308", "CVE-2020-4703", "CVE-2019-1335", "CVE-2020-4711", "CVE-2019-1372", "CVE-2019-1366"]}, {"type": "kaspersky", "idList": ["KLA11574", "KLA11575", "KLA11578", "KLA11872", "KLA11655"]}, {"type": "threatpost", "idList": ["THREATPOST:8B35258B1121533D53A2A119EE7F1BF8", "THREATPOST:85363E24CAB31CC66B298BC023E9CF95", "THREATPOST:2E2A527CE2526E42C6E61EC63D6A2FD4", "THREATPOST:08D7AB11C0B2B0668D71ADCEEB94DB1B", "THREATPOST:58F0CFFE45A637210BEDCC774CAE1E7E", "THREATPOST:DC2988E853C0FB5B61D7B7B97EC90D26", "THREATPOST:62D876A38CF65F658A4E0332E90F521A", "THREATPOST:1F6D22609FEB2D5ED40041C09F211A57", "THREATPOST:330FBB8165B31F82A4C03594BB687EE1", "THREATPOST:033645C929899D29D91092278D188D8E", "THREATPOST:B9AF2331426A6FE4C77E9B82F2FE0C87", "THREATPOST:3836E88161C8B7241BD874A7767421F1", "THREATPOST:6F273BE7C5C81E40E6EA08BC776BE137"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_OCT_4520010.NASL", "SMB_NT_MS19_OCT_4520011.NASL", "SMB_NT_MS19_OCT_4517389.NASL", "SMB_NT_MS19_OCT_4519998.NASL", "SMB_NT_MS19_OCT_4520008.NASL", "SMB_NT_MS19_OCT_4520002.NASL", "SMB_NT_MS19_OCT_4520004.NASL", "IBM_SPP_CVE-2020-4703.NASL", "SMB_NT_MS19_OCT_4520007.NASL", "SMB_NT_MS19_OCT_4519338.NASL"]}, {"type": "symantec", "idList": ["SMNTC-110231", "SMNTC-110229", "SMNTC-110228", "SMNTC-110230", "SMNTC-110257", "SMNTC-110238", "SMNTC-110232", "SMNTC-110310", "SMNTC-110271"]}, {"type": "thn", "idList": ["THN:0C7E84207B4D65E7F360B825BEC52DF5", "THN:8DCF845D1AC9E7107BDC3A4BCA6D2723"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:36145D374BE8B413181362F0BD4A4907"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1333", "MS:CVE-2019-1239", "MS:CVE-2019-1372", "MS:CVE-2019-1326", "MS:CVE-2019-1238", "MS:CVE-2019-1335", "MS:CVE-2019-1308", "MS:CVE-2019-1366", "MS:CVE-2019-1307"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815488", "OPENVAS:1361412562310815708", "OPENVAS:1361412562310815492", "OPENVAS:1361412562310815497", "OPENVAS:1361412562310815490", "OPENVAS:1361412562310815487", "OPENVAS:1361412562310815710", "OPENVAS:1361412562310815493", "OPENVAS:1361412562310815486", "OPENVAS:1361412562310815489"]}, {"type": "talosblog", "idList": ["TALOSBLOG:3052A7B74E1E13F630CF51AB1B1A36D6"]}, {"type": "mskb", "idList": ["KB4519974"]}], "modified": "2020-09-15T22:21:36", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2020-09-15T22:21:36", "rev": 2}, "vulnersScore": 7.4}}

{"cve": [{"lastseen": "2020-12-09T22:03:15", "description": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-09-15T14:15:00", "title": "CVE-2020-4711", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4711"], "modified": "2020-09-16T00:44:00", "cpe": ["cpe:/a:ibm:spectrum_protect_plus:10.1.6"], "id": "CVE-2020-4711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4711", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:15", "description": "IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.", "edition": 5, "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-15T14:15:00", "title": "CVE-2020-4703", "type": "cve", "cwe": ["CWE-434"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-4703"], "modified": "2020-09-16T00:46:00", "cpe": ["cpe:/a:ibm:spectrum_protect_plus:10.1.6"], "id": "CVE-2020-4703", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4703", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:41", "description": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1239", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1239"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2019-1239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1239", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:42", "description": "A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1326", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1326"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2019-1326", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1326", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:42", "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1366", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1366"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:chakracore:-", "cpe:/a:microsoft:edge:-"], "id": "CVE-2019-1366", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1366", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:42", "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1335", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1335"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:chakracore:-", "cpe:/a:microsoft:edge:-"], "id": "CVE-2019-1335", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1335", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:42", "description": "An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1372", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1372"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-1372", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1372", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-10-03T13:38:42", "description": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1333", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1333"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2019-1333", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1333", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:41", "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.", "edition": 6, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1307", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1307"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2019-1307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1307", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:41", "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.", "edition": 6, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-10T14:15:00", "title": "CVE-2019-1308", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1308"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2019-1308", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1308", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:51:47", "bulletinFamily": "info", "cvelist": ["CVE-2019-1307", "CVE-2019-1366", "CVE-2019-1356", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1335", "CVE-2019-1308", "CVE-2019-1239", "CVE-2019-0608", "CVE-2019-1357"], "description": "### *Detect date*:\n10/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code.\n\n### *Affected products*:\nChakraCore \nInternet Explorer 10 \nMicrosoft Edge (EdgeHTML-based) \nInternet Explorer 11 \nInternet Explorer 9\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1356](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1356>) \n[CVE-2019-1357](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1357>) \n[CVE-2019-1239](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1239>) \n[CVE-2019-1366](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1366>) \n[CVE-2019-1308](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1308>) \n[CVE-2019-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1371>) \n[CVE-2019-1238](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1238>) \n[CVE-2019-1307](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1307>) \n[CVE-2019-1335](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1335>) \n[CVE-2019-0608](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0608>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-1366](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1366>)0.0Unknown \n[CVE-2019-1308](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1308>)0.0Unknown \n[CVE-2019-1307](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1307>)0.0Unknown \n[CVE-2019-1335](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1335>)0.0Unknown \n[CVE-2019-1356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1356>)0.0Unknown \n[CVE-2019-1357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1357>)0.0Unknown \n[CVE-2019-1239](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1239>)0.0Unknown \n[CVE-2019-1371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1371>)0.0Unknown \n[CVE-2019-1238](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1238>)0.0Unknown \n[CVE-2019-0608](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0608>)0.0Unknown\n\n### *KB list*:\n[4520010](<http://support.microsoft.com/kb/4520010>) \n[4520008](<http://support.microsoft.com/kb/4520008>) \n[4520007](<http://support.microsoft.com/kb/4520007>) \n[4519998](<http://support.microsoft.com/kb/4519998>) \n[4520005](<http://support.microsoft.com/kb/4520005>) \n[4517389](<http://support.microsoft.com/kb/4517389>) \n[4519338](<http://support.microsoft.com/kb/4519338>) \n[4520011](<http://support.microsoft.com/kb/4520011>) \n[4520004](<http://support.microsoft.com/kb/4520004>) \n[4519976](<http://support.microsoft.com/kb/4519976>) \n[4519974](<http://support.microsoft.com/kb/4519974>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-10-08T00:00:00", "id": "KLA11578", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11578", "title": "\r KLA11578Multiple vulnerabilities in Microsoft Browsers ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:46:20", "bulletinFamily": "info", "cvelist": ["CVE-2019-1372"], "description": "### *Detect date*:\n10/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nA remote code execution vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Affected products*:\nWindows Azure Pack Web Sites V2 \nAzure App Service on Azure Stack\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1372>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1372>)0.0Unknown\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-10-08T00:00:00", "id": "KLA11655", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11655", "title": "\r KLA11655A remote code execution vulnerability in Microsoft Azure ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:42:51", "bulletinFamily": "info", "cvelist": ["CVE-2019-1372", "CVE-2019-1369"], "description": "### *Detect date*:\n10/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nAzure App Service on Azure Stack \nOpen Enclave SDK \nWindows Azure Pack Web Sites V2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1372](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1372>) \n[CVE-2019-1369](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1369>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1372](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1372>)0.0Unknown \n[CVE-2019-1369](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1369>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4524964](<http://support.microsoft.com/kb/4524964>)", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-10-08T00:00:00", "id": "KLA11575", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11575", "title": "\r KLA11575Multiple vulnerabilities in Microsoft Developer Tools ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:48:10", "bulletinFamily": "info", "cvelist": ["CVE-2019-1362", "CVE-2019-1342", "CVE-2019-1319", "CVE-2019-1338", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1361", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1339", "CVE-2019-1363", "CVE-2019-0608", "CVE-2019-1364"], "description": "### *Detect date*:\n10/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extende Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, bypass security restrictions, cause denial of service, obtain sensitive information.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nWindows 10 Version 1903 for x64-based Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2012 \nInternet Explorer 11 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2 \nWindows Server 2019\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1358>) \n[CVE-2019-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1359>) \n[CVE-2019-1238](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1238>) \n[CVE-2019-1315](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1315>) \n[CVE-2019-1371](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1371>) \n[CVE-2019-1166](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1166>) \n[CVE-2019-1338](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1338>) \n[CVE-2019-1339](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1339>) \n[CVE-2019-1318](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1318>) \n[CVE-2019-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1333>) \n[CVE-2019-1319](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1319>) \n[CVE-2019-0608](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0608>) \n[CVE-2019-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1346>) \n[CVE-2019-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1344>) \n[CVE-2019-1342](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1342>) \n[CVE-2019-1341](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1341>) \n[CVE-2019-1361](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1361>) \n[CVE-2019-1363](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1363>) \n[CVE-2019-1362](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1362>) \n[CVE-2019-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1365>) \n[CVE-2019-1364](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1364>) \n[CVE-2019-1325](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1325>) \n[CVE-2019-1326](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1326>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2019-1318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1318>)0.0Unknown \n[CVE-2019-1339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1339>)0.0Unknown \n[CVE-2019-1362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1362>)0.0Unknown \n[CVE-2019-1326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1326>)0.0Unknown \n[CVE-2019-1346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1346>)0.0Unknown \n[CVE-2019-1344](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1344>)0.0Unknown \n[CVE-2019-1315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1315>)0.0Unknown \n[CVE-2019-1338](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1338>)0.0Unknown \n[CVE-2019-1361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1361>)0.0Unknown \n[CVE-2019-1166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1166>)0.0Unknown \n[CVE-2019-1333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1333>)0.0Unknown \n[CVE-2019-1319](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1319>)0.0Unknown \n[CVE-2019-1364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1364>)0.0Unknown \n[CVE-2019-1341](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1341>)0.0Unknown \n[CVE-2019-1365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1365>)0.0Unknown \n[CVE-2019-1359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1359>)0.0Unknown \n[CVE-2019-1342](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1342>)0.0Unknown \n[CVE-2019-1358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1358>)0.0Unknown \n[CVE-2019-1363](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1363>)0.0Unknown \n[CVE-2019-1325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1325>)0.0Unknown \n[CVE-2019-1371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1371>)0.0Unknown \n[CVE-2019-1238](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1238>)0.0Unknown \n[CVE-2019-0608](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0608>)0.0Unknown\n\n### *KB list*:\n[4520009](<http://support.microsoft.com/kb/4520009>) \n[4520003](<http://support.microsoft.com/kb/4520003>) \n[4520002](<http://support.microsoft.com/kb/4520002>) \n[4519976](<http://support.microsoft.com/kb/4519976>) \n[4519974](<http://support.microsoft.com/kb/4519974>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-10-08T00:00:00", "id": "KLA11872", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11872", "title": "\r KLA11872Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T12:00:27", "bulletinFamily": "info", "cvelist": ["CVE-2019-1342", "CVE-2019-1336", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1322", "CVE-2019-1378", "CVE-2019-1321", "CVE-2019-1316", "CVE-2019-1326", "CVE-2019-1337", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1323", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317"], "description": "### *Detect date*:\n10/08/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions, cause denial of service, execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 for 32-bit Systems \nWindows 8.1 for 32-bit systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2012 R2 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2019 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows Update Assistant\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1337](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1337>) \n[CVE-2019-1334](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1334>) \n[CVE-2019-1322](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1322>) \n[CVE-2019-1319](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1319>) \n[CVE-2019-1318](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1318>) \n[CVE-2019-1341](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1341>) \n[CVE-2019-1368](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1368>) \n[CVE-2019-1378](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1378>) \n[CVE-2019-1315](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1315>) \n[CVE-2019-1345](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1345>) \n[CVE-2019-1230](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1230>) \n[CVE-2019-1340](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1340>) \n[CVE-2019-1316](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1316>) \n[CVE-2019-1365](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1365>) \n[CVE-2019-1166](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1166>) \n[CVE-2019-1344](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1344>) \n[CVE-2019-1343](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1343>) \n[CVE-2019-1339](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1339>) \n[CVE-2019-1317](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1317>) \n[CVE-2019-1342](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1342>) \n[CVE-2019-1346](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1346>) \n[CVE-2019-1320](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1320>) \n[CVE-2019-1323](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1323>) \n[CVE-2019-1333](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1333>) \n[CVE-2019-1347](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1347>) \n[CVE-2019-1321](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1321>) \n[CVE-2019-1358](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1358>) \n[CVE-2019-1325](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1325>) \n[CVE-2019-1326](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1326>) \n[CVE-2019-1336](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1336>) \n[CVE-2019-1359](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1359>) \n[CVE-2019-1060](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1060>) \n[CVE-2019-1311](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1311>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-1318](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1318>)0.0Unknown \n[CVE-2019-1339](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1339>)0.0Unknown \n[CVE-2019-1368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1368>)0.0Unknown \n[CVE-2019-1311](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1311>)0.0Unknown \n[CVE-2019-1340](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1340>)0.0Unknown \n[CVE-2019-1326](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1326>)0.0Unknown \n[CVE-2019-1346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1346>)0.0Unknown \n[CVE-2019-1344](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1344>)0.0Unknown \n[CVE-2019-1337](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1337>)0.0Unknown \n[CVE-2019-1320](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1320>)0.0Unknown \n[CVE-2019-1230](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1230>)0.0Unknown \n[CVE-2019-1336](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1336>)0.0Unknown \n[CVE-2019-1322](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1322>)0.0Unknown \n[CVE-2019-1060](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1060>)0.0Unknown \n[CVE-2019-1321](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1321>)0.0Unknown \n[CVE-2019-1315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1315>)0.0Unknown \n[CVE-2019-1166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1166>)0.0Unknown \n[CVE-2019-1333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1333>)0.0Unknown \n[CVE-2019-1319](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1319>)0.0Unknown \n[CVE-2019-1334](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1334>)0.0Unknown \n[CVE-2019-1345](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1345>)0.0Unknown \n[CVE-2019-1341](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1341>)0.0Unknown \n[CVE-2019-1323](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1323>)0.0Unknown \n[CVE-2019-1347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1347>)0.0Unknown \n[CVE-2019-1365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1365>)0.0Unknown \n[CVE-2019-1359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1359>)0.0Unknown \n[CVE-2019-1342](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1342>)0.0Unknown \n[CVE-2019-1316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1316>)0.0Unknown \n[CVE-2019-1358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1358>)0.0Unknown \n[CVE-2019-1378](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1378>)0.0Unknown \n[CVE-2019-1343](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1343>)0.0Unknown \n[CVE-2019-1317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1317>)0.0Unknown \n[CVE-2019-1325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1325>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4520010](<http://support.microsoft.com/kb/4520010>) \n[4520008](<http://support.microsoft.com/kb/4520008>) \n[4520007](<http://support.microsoft.com/kb/4520007>) \n[4519998](<http://support.microsoft.com/kb/4519998>) \n[4520005](<http://support.microsoft.com/kb/4520005>) \n[4519990](<http://support.microsoft.com/kb/4519990>) \n[4519985](<http://support.microsoft.com/kb/4519985>) \n[4517389](<http://support.microsoft.com/kb/4517389>) \n[4519338](<http://support.microsoft.com/kb/4519338>) \n[4520011](<http://support.microsoft.com/kb/4520011>) \n[4520004](<http://support.microsoft.com/kb/4520004>) \n[4519337](<http://support.microsoft.com/kb/4519337>) \n[4519765](<http://support.microsoft.com/kb/4519765>) \n[4519335](<http://support.microsoft.com/kb/4519335>) \n[4519336](<http://support.microsoft.com/kb/4519336>) \n[4519764](<http://support.microsoft.com/kb/4519764>) \n[4023814](<http://support.microsoft.com/kb/4023814>) \n[4517388](<http://support.microsoft.com/kb/4517388>)", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2019-10-08T00:00:00", "id": "KLA11574", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11574", "title": "\r KLA11574Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-09-17T22:05:00", "bulletinFamily": "info", "cvelist": ["CVE-2020-4703", "CVE-2020-4711"], "description": "Two open-redirect vulnerabilities in Bridge, a commercial WordPress theme purchased more than 120,000 times, would allow an attacker to mount spearphishing attacks against site administrators.\n\nAn open redirect vulnerability can be used to hide malicious links behind URLs for legitimate domains. For instance, a victim could be sent a link to https://legitimatesite.com/redirect.php?url=https://evilsite.com. If they hover over the link, they see only the legitimatesite.com domain \u2014 but if they click on it, they would be taken to evilsite.com without their permission.\n\n\u201cThis is commonly used in phishing scams, since a link to a trustworthy site is much more likely to be clicked than a typical phishing domain,\u201d explained researchers at Wordfence, who discovered the vulnerability, in a [Tuesday posting](<https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/>). In the case of these specific flaws, \u201can administrator could receive a link to their own website and be taken to a WordPress login page, not knowing they were redirected to a phishing site built to harvest their credentials.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe bugs exist in two of theme\u2019s prepackaged helper plugins, called Qode Instagram Widget and Qode Twitter Feed (Qode Interactive is Bridge\u2019s developer). Users are prompted to install these when installing the Bridge theme itself.\n\nBoth contain redirect scripts which allow open redirects. For Qode Instagram Widget, a script found at lib/instagram-redirect.php takes the GET parameters redirect_uri and code, and combines them into an eventual redirect location.\n\nThe offending code in Qode Twitter Feed is found at lib/twitter-redirect.php and is nearly identical to the Instagram Widget script, researchers said: \u201cNot counting the interchange of \u2018URI\u2019 and \u2018URL\u2019 in the variable names, the only differences are the additional GET parameters required to trigger the redirect.\u201d\n\nQode, which said that the scripts were artifacts of a demonstration mode included in the plugins, has released a patch for both plugins, available in version 2.0.2, which can be applied after users update the Bridge theme itself to version 18.2.1. Unfortunately, Wordfence researchers said that applying the patch is far from intuitive, given that the theme update isn\u2019t available via WordPress\u2019s built-in update notification system.\n\n\u201cUpdating these plugins first requires users to update the Bridge theme. This is done either by manually downloading and installing an updated copy of the theme from ThemeForest, or by using the Envato Market plugin which also comes bundled with the Bridge theme to update from within the WordPress dashboard,\u201d they explained in the posting. \u201cOnce the Envato Market plugin is installed, you can open its menu in the dashboard and set up your site\u2019s API access to the Envato Marketplace. This will require you to log in to the account you used to purchase the Bridge theme and generate an access token using the steps they provide.\u201d\n\nOnce Bridge has been updated, the individual plugin entries will show an \u201cUpdate Required\u201d link.\n\nUsers can also simply delete instagram-redirect.php and twitter-redirect.php from their sites, which takes care of the problem \u2013 but WordPress users should probably keep their plugins updated anyway given that these are a prime attack vector for cybercriminals.\n\nWordfence researchers said that Qode users aren\u2019t very good about patching, with its analysis showing that 38 percent of active Qode Instagram Widget installations haven\u2019t been updated in more than two years; that number jumps to 68 percent for Qode Twitter Feed users.\n\n_**What are the top cybersecurity issues associated with privileged account access and credential governance? Experts from Thycotic on Oct. 23 will discuss during our upcoming free **_[_**Threatpost webinar**_](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)_**, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d **_[_**Click here to register**_](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)_**.**_\n", "modified": "2019-10-22T19:44:03", "published": "2019-10-22T19:44:03", "id": "THREATPOST:6F273BE7C5C81E40E6EA08BC776BE137", "href": "https://threatpost.com/open-redirect-bug-bridge-theme/149437/", "type": "threatpost", "title": "Open Redirect Bug in Bridge Theme Plugin Opens Admins to Spearphishing", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-16T21:49:46", "bulletinFamily": "info", "cvelist": ["CVE-2020-4703", "CVE-2020-4711"], "description": "IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney\u2019s office after a [2019 lawsuit alleged](<https://threatpost.com/lawsuit-weather-channel-location-data/140579/>) that the app was deceiving its users in how it was using their geolocation data.\n\nThe [2019 lawsuit claimed,](<https://filedn.com/lOJqn8isbUNJvUBnJTlV5OS/OTHER%20DOCUMENTS/New%20folder/ADDITIONAL%20PDFS/LAWSUIT%20AGAINST%20THE%20WEATHER%20CHANNEL%20APP%20TWC%20JANUARY%203%202019.pdf>) the app\u2019s permission prompt for users to share their geolocation data did not make them aware that it was also selling that data to third-party companies. Instead, users were led to believe that the collected location data would be for the sole purpose of personalized forecasts and alerts, according to the lawsuit.\n\nThe Weather Channel [in the ensuing settlement](<https://filedn.com/lOJqn8isbUNJvUBnJTlV5OS/Weather%20Channel%20App%20Aug%202020.pdf>), released this week, argued that it disclosed this information to its 45 million monthly users via its online privacy policy.\n\n\u201cThe Weather Company has always been transparent about its use of location data,\u201d an IBM spokesperson told Threatpost. \u201cWe fundamentally disagreed with this lawsuit from the start, and during the case we showed that the claims were baseless. However, in recognition of IBM\u2019s long-standing relationship with Los Angeles and our history of providing technology solutions to improve its operations, we are donating technology to help the city and county deal with COVID-19 relief and contact tracing efforts.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nRegardless, according to Los Angeles City Attorney Mike Feuer, under the settlement IBM agreed to revise their data privacy disclosures, which he said will help \u201censure transparency and informed consent.\u201d They will do so by changing the permission prompts presented to users when they decide whether to allow location tracking.\n\n\u201cPersonal privacy in the digital age is one of the most pressing issues of the 21st Century,\u201d said Los Angeles City Attorney Mike Feuer in [a Wednesday statement](<https://www.lacityattorney.org/post/city-attorney-feuer-settles-digital-privacy-lawsuit-against-the-weather-channel-app>). \u201cOur successful work to ensure meaningful consumer notice and consent and to hold The Weather Channel App accountable puts other Apps on notice: We\u2019re monitoring their practices and will continue to be vigilant in fighting for consumers.\u201d\n\nThe lawsuit comes on the heels of a groundbreaking 2018 New York Times [investigation](<https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html?smid=tw-share>) that outed 75 companies \u2013 including the Weather Channel app \u2013 for misleading consumers about data collection and selling location data to advertisers. It shed light on how companies are expected to relay their policies around collecting and using data.\n\nIn The Weather Channel\u2019s case, the app did disclose how it was using the data in its privacy policy \u2013 but the lawsuit argues that the average user doesn\u2019t take the time to sift through the fine print on these policies.\n\n\u201cLocation is a sensitive matter, however, and consumers need to understand how their location is being used and to what extent their information is being shared,\u201d Stephen Banda, senior manager with Security Solutions at Lookout, told Threatpost. \u201cA quick look at an app\u2019s permissions on the Google Play store will show if exact or precise location is used. Unfortunately, beyond this information, the onus is on the end-user to further validate the privacy policy details and how their information is being used before accepting the usage terms.\u201d\n\nData privacy has continued to make headlines over the past year \u2013 particularly how geolocation data is collected, stored and utilized when it comes to the apps and services used by consumers carrying their phones around with them. In a 2019 incident, an Associated Press report claimed that the Google services prevalent on both Android and iOS phones \u2013 including Google Maps \u2013 [store location data](<https://threatpost.com/google-services-track-user-movements-in-privacy-faux-pas/135078/>), despite device users opting out. The report resulted in Google also being slapped by a [lawsuit](<https://threatpost.com/google-faces-legal-turmoil-after-location-tracking-debacle/136722/>), alleging that the tech giant violated both California\u2019s Constitutional Right to Privacy as well as California\u2019s Invasion of Privacy Act.\n\nSteve Durbin, managing director of the Information Security Forum, told Threatpost that these types of regulatory efforts \u2013 and subsequent fines that companies are receiving for violating them \u2013 are forcing companies to re-evaluate the transparency of their privacy policies.\n\n\u201cWith all of the focus on breaches and the loss of personal data, it is understandable that the main attention for organizations today seems to have shifted to data privacy,\u201d he said. \u201cWe are seeing a growth in legislative requirements to protect personal information along with the associated fines and sanctions for non-compliance.\u201d\n\n_It\u2019s the age of remote working, and businesses are facing new and bigger cyber-risks \u2013 whether it\u2019s collaboration platforms in the crosshairs, evolving insider threats or issues with locking down a much broader footprint. Find out how to address these new cybersecurity realities with our complimentary _[_Threatpost eBook_](<https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/?utm_source=ART&utm_medium=articles&utm_campaign=fp_ebook>)**_, 2020 in Security: Four Stories from the New Threat Landscape_**_, presented in conjunction with Forcepoint. We redefine \u201csecure\u201d in a work-from-home world and offer compelling real-world best practices. _[_Click here to download our eBook now_](<https://threatpost.com/ebooks/2020-in-security-four-stories-from-the-new-threat-landscape/?utm_source=ART&utm_medium=articles&utm_campaign=fp_ebook>)_._\n", "modified": "2020-08-20T19:41:10", "published": "2020-08-20T19:41:10", "id": "THREATPOST:DC2988E853C0FB5B61D7B7B97EC90D26", "href": "https://threatpost.com/ibm-settles-lawsuit-over-weather-channel-app-data-privacy/158529/", "type": "threatpost", "title": "IBM Settles Lawsuit Over Weather Channel App Data Privacy", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-08T22:34:58", "bulletinFamily": "info", "cvelist": ["CVE-2019-16011", "CVE-2020-4703", "CVE-2020-4711"], "description": "Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges.\n\nThe flaw exists in Cisco IOS XE. This Linux-based version of Cisco\u2019s Internetworking Operating System (IOS) is used in Cisco software-defined wide area network (SD-WAN) routers. Affected routers include the Aggregation Services Routers (ASR) 1000 models, Integrated Services Routers (ISR) 1000 models, ISR 4000 models and Cloud Services Router 1000V models. These are all used by small businesses and enterprises alike.\n\n\u201cThe Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability,\u201d according to Cisco\u2019s [Wednesday advisory.](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwcinj-AcQ5MxCn>)\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe flaw exists in the command line interface (CLI) utility of Cisco IOX XE, used to configure the network device. The CLI does not sufficiently validate input commands. An attacker could exploit this vulnerability by authenticating to the device and submitting a crafted input to the CLI utility, according to Cisco.\n\n\u201cThe attacker must be authenticated to access the CLI utility,\u201d according to Cisco. \u201cA successful exploit could allow the attacker to execute commands with root privileges.\u201d\n\nThe flaw (CVE-2019-16011) has a CVSS 3.0 score of 7.8 out of 10, which makes it high severity. Fixed releases for Cisco IOS XE SD-WAN are below.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/29150521/fix-cisco.png>)\n\nJulien Legras and Thomas Etrillard of Synacktiv were credited for reporting the flaw.\n\nCisco\u2019s IOS XE software has had its fair share of security issues. In March, Cisco issued [24 patches](<https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities>) tied to vulnerabilities in its IOS XE operating system. The networking giant in January [also released fixes](<https://threatpost.com/cisco-webex-bug-allows-remote-code-execution/151724/>) for another high-severity glitch in the web user interface of Cisco IOS and Cisco IOS XE Software.\n\nLast July, Cisco patched a [high-severity vulnerability in IOS XE](<https://threatpost.com/high-severity-cisco-flaw-in-ios-xe-enables-device-takeover/145645/>), which could enable a remote attacker to reconfigure or execute commands on impacted devices. And in August, a [critical remote authentication-bypass vulnerability](<https://threatpost.com/critical-cisco-bug-remote-takeover-routers/147826/>) \u2013 with the highest possible severity level of 10 out of 10 on the CvSS scale \u2013 was found in the Cisco REST API virtual service container for Cisco IOS XE Software.\n\n**_Inbox security is your best defense against today\u2019s fastest growing security threat \u2013 phishing and Business Email Compromise attacks. [On May 13 at 2 p.m. ET](<https://register.gotowebinar.com/register/5064791868226032141?source=ART>), join Valimail security experts and Threatpost for a FREE webinar, [5 Proven Strategies to Prevent Email Compromise](<https://register.gotowebinar.com/register/5064791868226032141?source=ART>). Get exclusive insights and advanced takeaways on how to lockdown your inbox to fend off the latest phishing and BEC assaults. Please [register here ](<https://register.gotowebinar.com/register/5064791868226032141?source=ART>)for this sponsored webinar._**\n\n_**Also, don\u2019t miss our latest on-demand webinar from DivvyCloud and Threatpost, **_[_**A Practical Guide to Securing the Cloud in the Face of Crisis**_](<https://attendee.gotowebinar.com/register/4136632530104301068?source=art>)_**, with critical, advanced takeaways on how to avoid cloud disruption and chaos.**_\n", "modified": "2020-04-29T20:37:36", "published": "2020-04-29T20:37:36", "id": "THREATPOST:58F0CFFE45A637210BEDCC774CAE1E7E", "href": "https://threatpost.com/cisco-ios-xe-flaw-sd-wan-routers/155319/", "type": "threatpost", "title": "High-Severity Cisco IOS XE Flaw Threatens SD-WAN Routers", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-15T22:21:04", "bulletinFamily": "info", "cvelist": ["CVE-2019-6333", "CVE-2020-4703", "CVE-2020-4711"], "description": "A security flaw, discovered in an open-source software program that is a key component of HP\u2019s TouchPoint Analytics service, is opening up a wide swath of HP computers to attack. The vulnerability, if exploited by local attackers with administrative privileges, can allow them to execute arbitrary code on victim systems.\n\nThe affected software, [Open Hardware Monitor](<https://openhardwaremonitor.org>), monitors temperature sensors, fan speeds, voltages, load and clock speeds of a computer. It is utilized by tens of millions of computers and is a key third-party component of HP Touchpoint Analytics, said researchers with SafeBreach Labs, who discovered the flaw.\n\nHP TouchPoint Analytics is a service that anonymously collects diagnostic information about hardware performance. The service is pre-installed on most HP PCs, meaning the flaw has a wide attack surface, said researchers.\n\n\u201cA number of potential attacks could result from exploiting this vulnerability giving attackers the ability to load and execute malicious payloads using a signed service, effectively whitelisting those applications,\u201d said Peleg Hadar, security researcher with SafeBreach Labs in a [Thursday advisory](<https://safebreach.com/Events-Post/295/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333>).\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe vulnerability (CVE-2019-6333) has a CVSS score of 6.7 out of 10.0, which translates to medium severity. However researchers say that they view the flaw as critical. Under a post-infection scenario an adversary could use the flaw to surreptitiously carry out attacks.\n\n\u201cIt\u2019s important to keep perspective here, we\u2019re not claiming this is a critical issue from a measurement standpoint of view,\u201d Itzik Kotler, co-founder and CTO at SafeBreach, told Threatpost. \u201cWe\u2019re using the term loosely in a marketing context. [We\u2019re] aware this vulnerability and the existing condition required to exploit it are not trivial/end of the world.\u201d\n\n## The Vulnerability\n\nThe main attack vector is DLL hijacking, a way for attackers to execute unexpected code on machines.\n\nDLL (Dynamic Link Library) is a file that contains a library of functions, which can be accessed and uploaded to a program. DLL hijacking is launched if attackers can get a file on machines (by social engineering or local access). That file could be executed when the user runs an application that is vulnerable to DLL hijacking.\n\nIn this situation, Open Hardware Monitor does not properly check DLLs before loading them.\n\n\u201cIn order to leverage this vulnerability, the attacker needs to drop a file to a certain folder. In some cases the attacker won\u2019t need to be an Administrator and in some cases he will need admin privileges,\u201d Peleg told Threatpost.\n\nOnce Open Hardware Monitor is loaded, it launches a third-party library (OpenHardwareMonitorLib.dll). This library has the ability to collect data from different hardware sources. However, researchers found that the service loaded unmanaged DLL files without verifying if they are safe or not.\n\n\u201cThe library tried to load the mentioned unmanaged DLL files using DllImportAttribute,\u201d said researchers. \u201cThe problem is that it used only the filename of the DLL, instead of an absolute path\u2026 And no digital certificate validation is made against the binary. The program doesn\u2019t validate whether the DLL that it is loading is signed. Therefore, it can load an arbitrary unsigned DLL.\u201d\n\nThat could allow attackers to load arbitrary DLLs through Open Hardware Monitor and, because the service is pre-installed on HP Touchpoint Analytics, which has the highest level of persmissions on HP PCs (NT AUTHORITY\\SYSTEM), code can be executed onto the systems.\n\nOnce abused, the vulnerability could allow an attacker to launch an array of other malicious activities.\n\n\u201cThe capability for \u2018Application Whitelisting Bypass\u2019 and \u2018Signature Validation Bypassing\u2019 might be abused by an attacker for different purposes such as execution and evasion, to name two,\u201d researchers said. \u201cUsing Open Hardware Monitor\u2019s driver, which has the highest level of privileges in the operating system, an attacker can exploit this vulnerability and will be able to read and write to hardware memory.\u201d\n\nThe flaw was first reported to HP on July 4 and on Oct. 4, HP published a [security advisory](<https://support.hp.com/us-en/document/c06463166>) for the flaw. On Thursday, SafeBreach Labs researchers published public details of the vulnerability.\n\nHP did not respond to a request for comment from Threatpost.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-10T13:00:12", "published": "2019-10-10T13:00:12", "id": "THREATPOST:330FBB8165B31F82A4C03594BB687EE1", "href": "https://threatpost.com/hp-touchpoint-analytics-opens-pcs-to-code-execution-attack/149069/", "type": "threatpost", "title": "HP Touchpoint Analytics Opens PCs to Code Execution Attack", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-15T22:21:25", "bulletinFamily": "info", "cvelist": ["CVE-2019-11932", "CVE-2020-4703", "CVE-2020-4711"], "description": "A security researcher has identified a flaw in the popular WhatsApp messaging platform on Android devices, which could allow attackers to launch privilege elevation and remote code execution (RCE) attacks on victims.\n\nExploiting the flaw\u2014[described in a Wednesday post](<https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/>) on GitHub by a Singapore-based \u201ctechnologist and an information security enthusiast\u201d called Awakened \u2013 is a rather complicated affair. An attack involves a bad actor sending a malicious GIF file to a victim via \u201cany channel,\u201d whether it\u2019s an email or in a direct message on WhatsApp. After a victim has downloaded the GIF file onto his device, the second step happens when he opens the WhatsApp Gallery in order to send a media file to another user from WhatsApp (the victim doesn\u2019t need to actually send anything, just open the WhatsApp Gallery).\n\nThat\u2019s when the attack is triggered, according to Awakened. \u201cSince WhatsApp shows previews of every media (including the GIF file received), it will trigger the double-free bug and our RCE exploit,\u201d the researcher wrote.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe exploit works on Android 8.1 and 9.0 until WhatsApp version 2.19.230, but does not work for Android 8.0 and below, although the bug potentially still could be triggered in these versions, according to Awakened.\n\nThe researcher informed Facebook of the bug and the company has since released an official patch for the app in WhatsApp version 2.19.244, according to Awakened. The researcher advised users to update to this version to \u201cstay safe from this bug.\u201d\n\n## The Flaw\n\nA double-free bug (CVE-2019-11932) relies on calling to the same memory location twice, which can either crash an app or open a vulnerability.\n\nIn this case, when a WhatsApp user opens the Gallery view to send a media file, WhatsApp parses it with a native [open-source library](<https://github.com/koral%E2%80%93/android-gif-drawable/tree/dev/android-gif-drawable/src/main/c.>) called _libpl_droidsonroids_gif.so _to generate the preview of the GIF file, which contains multiple encoded frames, according to Awakened.\n\n\u201cTo store the decoded frames, a buffer with name rasterBits is used,\u201d the researcher wrote. \u201cIf all frames have the same size, rasterBits is re-used to store the decoded frames without re-allocation.\u201d\n\nHowever, if one of three conditions is met, rasterBits could be re-allocated, which can trigger an event that allows an attacker to exploit the vulnerability, according to Awakened.A [video](<https://drive.google.com/file/d/1T-v5XG8yQuiPojeMpOAG6UGr2TYpocIj/view>) demo also is available online showing how the attack works.\n\nOnce exploited, there are two attack vectors that attackers can leverage, according to Awakened. The first is local privilege escalation, in which a malicious app is installed on the device that collects addresses of zygote libraries (zygote is the template process for each app and service started on the device) and generates a malicious GIF file that results in code execution in WhatsApp context.\n\n\u201cThis allows the malware app to steal files in WhatsApp sandbox including message database,\u201d the researcher wrote.\n\nThe second option is the aforementioned RCE, in which an attacker pairs with an application that has a remote memory information disclosure vulnerability to collect the addresses of zygote libraries and craft a malicious GIF file. This then can be sent to the user via WhatsApp as an attachment, according to the post.\n\n\u201cAs soon as the user opens the Gallery view in WhatsApp \u2026 the GIF file will trigger a remote shell in WhatsApp context,\u201d the researcher wrote.\n\nThe flaw is the latest of a flurry of vulnerabilities found in recent months on the messaging app used daily by 300 million people worldwide. In May researchers identified a [zero-day flaw](<https://threatpost.com/whatsapp-zero-day-exploited-in-targeted-spyware-attacks/144696/>) that could allow attackers to inject spyware onto user\u2019s machines. Then in July, a [developer-coding flaw](<https://threatpost.com/whatsapp-telegram-coding-blunders-media-files/146489/>) was found that allows cyber attackers to intercept media files sent on the Android platform.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-03T13:04:23", "published": "2019-10-03T13:04:23", "id": "THREATPOST:3836E88161C8B7241BD874A7767421F1", "href": "https://threatpost.com/whatsapp-flaw-opens-android-devices-to-remote-code-execution/148888/", "type": "threatpost", "title": "WhatsApp Flaw Opens Android Devices to Remote Code Execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-15T22:21:15", "bulletinFamily": "info", "cvelist": ["CVE-2019-16920", "CVE-2020-4703", "CVE-2020-4711"], "description": "D-Link won\u2019t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.\n\nThe vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet\u2019s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are [still available as new](<https://www.amazon.com/gp/offer-listing/B008PBU5GA/ref=dp_olp_all_mbc?ie=UTF8&condition=all>) via third-party sellers).\n\nThe root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function.\n\nFortinet describes this as a \u201ctypical security pitfall suffered by many firmware manufacturers.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nExploiting the issue starts with the log-in functionality on the admin page for the router. The log-in function is performed using the URI /apply_sec.cgi function \u2013 it extracts the value of \u201ccurrent_user\u201d and \u201cuser_username\u201d from the Non-Volatile Random Access Memory (NVRAM), which is a type of RAM that retains data after a device\u2019s power is turned off.\n\nThe function then compares the value of the current_user with the value of the variable acStack160.\n\n\u201cThe current_user value in NVRAM will be set only after a successful user login, so by default its value is not initialized,\u201d Fortinet researcher Thanh Nguyen Nguyen explained in a [recent write-up](<https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html>). \u201cThe value of acStack160 is the result of base64encode(user_username), and by default the user_username is set to \u2018user,\u2019 so there is no way the iVar2 can return a value of 0, so it won\u2019t return to the error.asp page.\u201d\n\nUltimately, an attacker can perform any action in the SSC_SEC_OBJS array under the \u201c/apply_sec.cgi\u201d path, according to Nguyen.\n\nFor successful exploitation, \u201cwe implement the POST HTTP Request to \u2018apply_sec.cgi\u2019 with the action ping_test,\u201d he said. \u201cWe then perform the command injection in ping_ipaddr. Even if it returns the login page, the action ping_test is still performed \u2013 the value of ping_ipaddr will execute the \u201cecho 1234\u2033 command in the router server and then send the result back to our server.\u201d\n\nAt this point, attackers could retrieve the admin password, or install their own backdoor onto the server \u2013 which would allow them to install malware, snoop on traffic flowing through the router and potentially move through the home network to reach and infect other devices.\n\nWith no patch available, affected users should upgrade their devices as soon as possible.\n\nD-Link is no stranger to vulnerabilities; in September, researchers [discovered vulnerabilities](<https://threatpost.com/vulnerabilities-in-d-link-comba-routers-can-leak-credentials/148150/>) in D-Link routers that can leak passwords for the devices, and which have the potential to affect every user on networks that use them for access. And in May, a researcher found attackers [using the Google Cloud Platform](<https://threatpost.com/hackers-abuse-google-cloud-platform-to-attack-d-link-routers/143492/>) to carry out three separate waves of DNS hijacking attacks against vulnerable D-Link and other consumer routers.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-07T18:16:31", "published": "2019-10-07T18:16:31", "id": "THREATPOST:8B35258B1121533D53A2A119EE7F1BF8", "href": "https://threatpost.com/d-link-home-routers-unpatched/148941/", "type": "threatpost", "title": "D-Link Home Routers Open to Remote Takeover Will Remain Unpatched", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-17T22:05:46", "bulletinFamily": "info", "cvelist": ["CVE-2019-0163", "CVE-2019-14569", "CVE-2019-14570", "CVE-2020-4703", "CVE-2020-4711"], "description": "Chip giants Intel and Nvidia have stomped out high-severity flaws in two popular products, both commonly used by gamers. Impacted are the Nvidia Shield TV and Intel NUC (short for Next Unit of Computing) mini-PC kit.\n\nNvidia Shield TV is a media streaming box (powered by Nvidia\u2019s Tegra X1 system-on-chip) that runs on the Android operating system and can be used for gaming and media streaming. Intel\u2019s NUC mini-PC kit offers processing, memory and storage capabilities for applications like gaming, digital signage and media centers.\n\nThe dual security advisories, released separately by each company on Tuesday, address a total of four high-severity flaws. That includes two glitches in the [Nvidia Shield](<https://nvidia.custhelp.com/app/answers/detail/a_id/4875>) that could enable code execution, denial of service, escalation of privileges, and information disclosure, as well as two vulnerabilities in the [Intel NUC](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html>) that could allow escalation-of-privilege, denial-of-service or information disclosure.\n\n## Nvidia Shield TV\n\nNvidia Shield TV is plagued by two vulnerabilities that affect versions of the device prior to 8.0.1 and are running on Android Pie (the Android OS released in 2018). Both flaws rank 7.6 out of 10.0 on the CVSS scale, making them high-severity.\n\n\u201cThis update addresses issues that may lead to information disclosure, denial of service, code execution, or escalation of privileges,\u201d said Nvidia in a Tuesday release. \u201cTo protect your system, download and install this software update through Settings&gt;About&gt;System update.\u201d\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/10/09125035/shield-product-specs-family-1290x450-d.jpg>)\n\nThe first flaw (CVE\u20112019\u20115699) stems from the bootloader in the Nvidia Tegra SoC of Nvidia Shield TV. This is the piece of code that runs before an operating systems starts to run, and loads the operating system when a computer turns on.\n\nThe issue is due to the software performing an incorrect bounds check. Bounds checking is a method of detecting whether a variable is within \u201cbounds\u201d before it is used in the memory buffer, which is a region of a physical memory storage. This flaw can lead to a buffer overflow; when more data is sent to a memory block (buffer) than it can hold. Attackers could leverage this flaw to launch escalation-of-privilege and code-execution attacks.\n\nThe other flaw (CVE\u20112019\u20115700) exists in how the bootloader interacts with the boot image, a type of disk image that provides critical files necessary to load the device.\n\nThe boot image typically contains a field that indicates a header version; the bootloader must check this header version field and parse the header accordingly. However, according to Nvidia, the bootloader in the vulnerable versions does not correctly validate the fields of the boot image. This glitch can lead to code execution, denial-of-service, escalation-of-privilege and information disclosure.\n\nNvidia did not release further details about what types of privileges attackers would need to launch an exploit for the flaws, or whether they would need to be local or remote. However, Nvidia recommends that Shield TV users update to version 8.0.1 as soon as possible.\n\n## Intel NUC\n\nThe two high-severity vulnerabilities in Intel\u2019s NUC ([CVE-2019-14569](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14569>) and [CVE-2019-14570](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14570>)) meanwhile could enable a local attacker to launch an array of malicious attacks.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2019/04/09153935/intel-nuc-.png>)\n\nIntel NUC\n\n\u201cPotential security vulnerabilities in system firmware for Intel NUC may allow escalation-of-privilege, denial-of-service and/or information disclosure,\u201d said Intel, in a [Tuesday advisory](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00296.html>). \u201cIntel is releasing firmware updates to mitigate these potential vulnerabilities.\u201d\n\nBoth vulnerabilities are 7.5 out of 10 on the CVSS scale, making them high-severity. To exploit either flaw, an attacker would need to be local, and already have existing permissions as a user of the NUC (meaning they need to be able to log into the NUC using user credentials).\n\nOne of the vulnerabilities (CVE-2019-14569) stems from pointer corruption in the system firmware for the NUC (a pointer is a programming language variable that stores/points the memory address of another variable). This could allow an attacker to gain privilege escalation, carry out denial-of-service or perform information disclosure.\n\nThe other bug (CVE-2019-14570) comes from a memory-corruption issue in the system firmware of the Intel NUC, which could allow a privileged user to potentially enable escalation-of-privilege, denial-of-service or information disclosure.\n\nImpacted products include the NUC 8 mainstream game kit and game mini computer, the Intel NUC Board DE3815TYBE (H26998-500 &amp; later), NUC Kit DE3815TYKHE (H27002-500 &amp; later), NUC Board DE3815TYBE, NUC Kit DE3815TYKHE and NUC Kit DN2820FYKH.\n\nSecurity researcher Alexander Ermolov was credited with discovering the flaws.\n\nVulnerabilities continue to crop up in the NUC \u2013 [in April](<https://threatpost.com/intel-patches-high-severity-flaws-in-media-sdk-mini-pc/143638/>), Intel slapped a high-severity NUC vulnerability ([CVE-2019-0163](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0163>)) that could enable escalation of privilege, denial of service, and information disclosure for impacted systems; [while in June](<https://threatpost.com/intel-patches-nuc-firmware/145620/>), Intel patched seven high-severity vulnerabilities in the system firmware of its Intel NUC.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-09T19:07:11", "published": "2019-10-09T19:07:11", "id": "THREATPOST:1F6D22609FEB2D5ED40041C09F211A57", "href": "https://threatpost.com/gamers-high-severity-intel-nvidia-flaws/149034/", "type": "threatpost", "title": "Gamers Warned of High-Severity Intel, Nvidia Flaws", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-15T22:13:56", "bulletinFamily": "info", "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-4470", "CVE-2020-4703", "CVE-2020-4711", "CVE-2020-5135"], "description": "IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue\u2019s security tool found under the umbrella of its Spectrum data storage software branding. The flaws can be exploited by remote attackers to execute code on vulnerable systems.\n\nIBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines. The vulnerabilities (CVE-2020-4703 and CVE-2020-4711) affect versions 10.1.0 through 10.1.6 of IBM Spectrum Protect Plus.\n\n[](<https://threatpost.com/webinars/five-essentials-for-running-a-successful-bug-bounty-program/>)\n\nClick to Register\n\nThe more serious of the two flaws (CVE-2020-4703) exists in IBM Spectrum Protect Plus\u2019 Administrative Console and could allow an authenticated attacker to upload arbitrary files \u2013 which could then be used to execute arbitrary code on the vulnerable server, according to researchers with Tenable, who discovered the flaws, [in a Monday advisory](<https://www.tenable.com/security/research/tra-2020-54>). The bug ranks 8 out of 10 on the CVSS scale, making it high-severity.\n\nThis vulnerability is due to an incomplete fix for CVE-2020-4470, a high-severity flaw [that was previously disclosed in June](<https://nvd.nist.gov/vuln/detail/CVE-2020-4470>). An exploit for CVE-2020-4470 involves two operations, Tenable researchers said: \u201cThe first operation is to upload a malicious RPM package to a directory writable by the administrator account by sending an HTTP POST message to URL endpoint https://&lt;spp_host&gt;:8090/api/plugin,\u201d they said. \u201cThe second operation is to install the malicious RPM by sending an HTTP POST message to URL endpoint http://&lt;spp_host&gt;:8090/emi/api/hotfix.\u201d\n\nBut IBM\u2019s ensuing fix for CVE-2020-4470 only addressed the second operation by enforcing authentication for the /emi/api/hotfix endpoint. Researchers found, it was still possible to upload unauthenticated arbitrary files to a directory writable by the administrator account, under which the endpoint handlers run \u2013 paving the way for code execution on vulnerable systems.\n\n\u201cThe attacker can put malicious content (i.e., scriptlets) in the RPM and and issue a \u2018sudo /bin/rpm -ivh /tmp/&lt;uploaded_malicious_rpm&gt;\u2019 command to the webshell, achieving unauthenticated RCE as root,\u201d said researchers.\n\nThe second flaw, CVE-2020-4711, exists in a script (/opt/ECX/tools/scripts/restore_wrapper.sh) within Spectrum Protect Plus. A directory path check within this function can be bypassed via path traversal. An unauthenticated, remote attacker can exploit this issue by sending a specially crafted HTTP request to a specially-crafted URL endpoint (https://&lt;spp_host&gt;:8090/catalogmanager/api/catalog), Tenable researchers said.\n\nThat endpoint doesn\u2019t require any authentication (when the cmode parameter is the restorefromjob method). When the request has been sent, the endpoint handler instead calls a method (com.catalogic.ecx.catalogmanager.domain.CatalogManagerServiceImpl.restoreFromJob) without checking for user credentials. The restoreFromJob method then executes the /opt/ECX/tools/scripts/restore_wrapper.sh script as root \u2013 allowing the attacker to view arbitrary files on the system.\n\nTenable researchers discovered the flaws on July 31 and reported them to IBM on Aug. 18. IBM released the patches and an advisory disclosing the flaws on Monday. Threatpost has reached out to IBM for further comment.\n\nIn recent months, various IBM products have been found to have security vulnerabilities. In August, a shared-memory flaw was discovered in [IBM\u2019s next-gen data-management software](<https://threatpost.com/ibm-ai-powered-data-management-software-subject-exploit/158497/>) that researchers said could lead to other threats \u2014 as demonstrated by a new proof-of-concept exploit for the bug.\n\nAnd in April, four serious security vulnerabilities in [the IBM Data Risk Manager](<https://threatpost.com/rce-exploit-ibm-data-risk-manager-no-patch/154986/>) (IDRM) were identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis \u2013 and a proof-of-concept exploit is available.\n\n[**On Wed Sept. 16 @ 2 PM ET:**](<https://threatpost.com/webinars/five-essentials-for-running-a-successful-bug-bounty-program/>)** Learn the secrets to running a successful Bug Bounty Program. **[**Register today**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)** for this FREE Threatpost webinar \u201c**[**Five Essentials for Running a Successful Bug Bounty Program**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)**\u201c. Hear from top Bug Bounty Program experts how to juggle public versus private programs and how to navigate the tricky terrain of managing Bug Hunters, disclosure policies and budgets. Join us Wednesday Sept. 16, 2-3 PM ET for this **[**LIVE**](<https://slack-redir.net/link?url=https%3A%2F%2Fthreatpost.com%2Fwebinars%2Ffive-essentials-for-running-a-successful-bug-bounty-program%2F>)** webinar.**\n", "modified": "2020-09-15T19:08:13", "published": "2020-09-15T19:08:13", "id": "THREATPOST:033645C929899D29D91092278D188D8E", "href": "https://threatpost.com/ibm-flaws-spectrum-protect-plus/159268/", "type": "threatpost", "title": "IBM Spectrum Protect Plus Security Open to RCE", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-15T22:20:47", "bulletinFamily": "info", "cvelist": ["CVE-2019-12636", "CVE-2019-15260", "CVE-2019-15261", "CVE-2019-15262", "CVE-2019-15264", "CVE-2020-4703", "CVE-2020-4711"], "description": "Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points (APs) used by mid-size enterprises in their offices or small warehouses.\n\nIt also issued a slew of additional patches addressing other flaws in its products.\n\nThe most severe of the AP bugs is a critical glitch that could allow unauthenticated, remote attackers to gain unauthorized access to targeted devices \u2013 giving them elevated privileges such as the ability to view sensitive data and tamper with the device configuration. The flaw exists in Cisco\u2019s software that powers the Aironet networking APs, which allow other Wi-Fi devices to connect to a wired network.\n\n\u201cAn exploit could allow the attacker to gain access to the device with elevated privileges,\u201d said Cisco in a [Wednesday advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-unauth-access>). \u201cWhile the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe vulnerability (CVE-2019-15260) has a CVSS score of 9.8 out of 10.0, making it critical in severity. The flaw specifically stems from insufficient access control for certain URLs on impacted Aironet devices. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP, using the AP\u2019s web-based configuration [management system](<https://www.cisco.com/web/techdoc/wireless/access_points/online_help/eag/123-02.JA/1400BR/h_ap_services_http.html>). Impacted Aironet APs include the 1540, 1560, 1800, 2800, 3800 and 4800 series.\n\nCisco\u2019s Aironet APs were also impacted by two high-severity vulnerabilities.\n\nOne of these stems from a flaw in a processing functionality in Aironet access points that specifically processes \u201cpoint-to-point tunneling\u201d protocol VPN packets. These are an obsolete method for implementing virtual private networks on devices. [The flaw](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-pptp-dos>) (CVE-2019-15261) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.\n\nThe other high-severity vulnerability (CVE-2019-15264) exists in the \u201cControl and Provisioning of Wireless Access Points\u201d protocol implementation of Cisco Aironet and Catalyst 9100 APs. This standard networking protocol enables a central wireless LAN access controller to manage a collection of wireless APs.\n\nThe flaw could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in DoS, according to Cisco.\n\n\u201cThe vulnerability is due to improper resource management during [Control and Provisioning of Wireless Access Points] message processing,\u201d according to [Cisco](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-airo-capwap-dos>). \u201cAn attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the [APs].\u201d\n\n**High-Severity Flaws**\n\nOverall, Cisco issued patches for vulnerabilities tied to 41 CVEs on Wednesday, including the critical flaw, 17 high-severity vulnerabilities, and 23 medium severity glitches.\n\nUp to 13 high-severity vulnerabilities were discovered in Cisco\u2019s SPA100 Series Analog Telephone Adapters, which provide analog phones used by small businesses with access to internet phone services. The flaws could enable an authenticated, adjacent attacker to execute arbitrary code with elevated privileges, according to [Tenable researchers](<https://www.tenable.com/security/research/tra-2019-44>) who discovered them.\n\nThe flaws stem from an improper validation of user-supplied input to the web-based management interface of the adapters, which is enabled by default for the devices.\n\n\u201cAn attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device,\u201d according to Cisco\u2019s advisory. \u201cA successful exploit could allow the attacker to execute arbitrary code with elevated privileges.\u201d\n\nThese vulnerabilities affect Cisco SPA112 2-Port Phone Adapter and SPA122 ATA with Router devices that are running firmware releases 1.4.1 SR4 and earlier and that have the web-based management interface enabled, Cisco said. Cisco SPA100 Series Firmware Release 1.4.1SR5 will address these vulnerabilities.\n\nOther high-severity flaws include a DoS flaw (CVE-2019-15262) in Cisco\u2019s Wireless LAN Controller Secure Shell and a cross-site request forgery vulnerability (CVE-2019-12636) in Cisco\u2019s Small Business Smart and Managed Switch lineup.\n\nIn September, Cisco released patches for 29 bugs [that addressed flaws](<https://threatpost.com/cisco-high-severity-bugs-2/148706/>) in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity.\n\n**_What are the top cybersecurity issues associated with privileged account access and credential governance? Experts from Thycotic on Oct. 23 will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-17T14:35:03", "published": "2019-10-17T14:35:03", "id": "THREATPOST:B9AF2331426A6FE4C77E9B82F2FE0C87", "href": "https://threatpost.com/cisco-aironet-access-points-critical-flaws/149266/", "type": "threatpost", "title": "Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-15T22:21:21", "bulletinFamily": "info", "cvelist": ["CVE-2019-13326", "CVE-2019-13327", "CVE-2019-13328", "CVE-2019-13329", "CVE-2019-13330", "CVE-2019-13331", "CVE-2019-13332", "CVE-2019-5031", "CVE-2020-4703", "CVE-2020-4711"], "description": "Patches are available for eight high-severity flaws impacting the popular PDF software Foxit Reader. The bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems.\n\nThis week, Foxit Software, the company behind Foxit Reader, released the patches. While the number of Foxit Reader users is unclear, the [company claimed last year it](<https://www.foxitsoftware.com/company/press.php?title=foxit-launches-customer-first-campaign&id=1427>) has over 475 million users of its products.\n\nFoxit Software is urging customers to update to the latest version of its tool. \u201cFoxit has released Foxit Reader 9.7, which addresses potential security and stability issues,\u201d said the company in a [security advisory](<https://www.foxitsoftware.com/support/security-bulletins.php>).\n\n## JavaScript Error\n\nThe most severe of these flaws ([CVE-2019-5031](<https://www.symantec.com/security-center/vulnerabilities/writeup/110243?om_rssid=sr-advisories>)), which has a CVSS score of 8.8 out of 10.0, exists in how Foxit Reader interacts with JavaScript engine (the program that executes JavaScript code). JavaScript can be supported by Foxit Reader for interactive documents and dynamic forms. For instance, when a user opens a PDF document, it can execute JavaScript.\n\nHowever, when certain versions for the JavaScript engine (version 7.5.45 and previous versions in the V8 JavaScript engine) are used in version 9.4.1.16828 of Foxit Reader, it can result in arbitrary code execution and denial of service. That\u2019s because in the impacted Foxit Reader version, opening the JavaScript engine results in a large amount of memory being allocated, which quickly uses up all available memory. This would usually result in an out-of-memory state being detected and the process would be terminated. However, that process does not exist in the impacted Foxit Reader.\n\nIn an attack scenario, \u201ca specially crafted PDF document can trigger an out-of-memory condition which isn\u2019t handled properly, resulting in arbitrary code execution,\u201d according to Cisco Talos, which [discovered the flaw](<https://talosintelligence.com/vulnerability_reports/TALOS-2019-0793>). \u201cAn attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\u201d\n\n## Other Flaws\n\nThe remaining high-severity vulnerabilities in Foxit Reader [were reported by](<https://www.zerodayinitiative.com/advisories/published/>) Zero Day Initiative, and all have a CVSS score of 7.8 out of 10.0 on the CVSS scale, making them \u201chigh-severity.\u201d\n\nIn all cases, the vulnerabilities could allow a remote attacker to gain access to the victims\u2019 systems. Foxit recommends Windows users with versions 9.6.0.25114 and earlier \u201cupgrade to the latest version of Foxit Reader (9.7 or later), available from the Foxit Web site.\u201d\n\nThree of the flaws ([CVE-2019-13326](<https://www.zerodayinitiative.com/advisories/ZDI-19-849/>),[CVE-2019-13327](<https://www.zerodayinitiative.com/advisories/ZDI-19-850/>),[CVE-2019-13328](<https://www.zerodayinitiative.com/advisories/ZDI-19-851/>)) stem from issues tied to how Foxit Reader handles AcroForm Fields, which are PDF files that contain form fields, which data can be entered into.\n\n\u201cThe specific flaw exists within the processing of fields within Acroform objects,\u201d said ZDI in regards to all three flaws. \u201cThe issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\u201d\n\nThe remaining high-severity flaws exist in Foxit Reader\u2019s handling of TIF files ([CVE-2019-13329](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13329>)), JPG files ([CVE-2019-13330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13330>),[CVE-2019-13331](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13331>)) and XFA Form Templates ([CVE-2019-13332](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13332>)). XFA stands for XML Forms Architecture, a family of proprietary XML specifications that was developed by JetForm to enhance the processing of web forms.\n\nThe flaws allow remote attackers to execute arbitrary code on affected installations of Foxit Reader; however, they all come with a caveat: The target must first visit a malicious page or open a malicious file.\n\nIt\u2019s only Foxit Software\u2019s latest security issue: [In August](<https://www.foxitsoftware.com/support/security-advisories.php>), the company said that hundreds of thousands of accounts were affected in a data breach that compromised user names, company names and IP addresses.\n\nLast year, Foxit Software patched over [100 vulnerabilities](<https://threatpost.com/foxit-pdf-reader-fixes-high-severity-remote-code-execution-flaws/137889/>) in its Foxit Reader. Many of the bugs tackled by the company include a wide array of high severity remote code execution vulnerabilities.\n\n**_What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free _**[**_Threatpost webinar_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_, \u201cHackers and Security Pros: Where They Agree &amp; Disagree When It Comes to Your Privileged Access Security.\u201d _**[**_Click here to register_**](<https://register.gotowebinar.com/register/9029717654543174147?source=ART>)**_._**\n", "modified": "2019-10-03T16:23:30", "published": "2019-10-03T16:23:30", "id": "THREATPOST:2E2A527CE2526E42C6E61EC63D6A2FD4", "href": "https://threatpost.com/foxit-pdf-reader-vulnerable-to-8-high-severity-flaws/148897/", "type": "threatpost", "title": "Foxit PDF Reader Vulnerable to 8 High-Severity Flaws", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-10-17T07:06:55", "description": "The IBM Spectrum Protect Plus (SPP) administrative console running\non the remote host is affected by a remote code execution\nvulnerability due to the fact that it allows remote installation of\nconsole plugins. An unauthenticated, remote attacker can exploit\nthis and CVE-2020-4711 together, via specially crafted HTTP requests, \nto execute arbitrary code on the system with root privileges.\n\nNote that the application is reportedly affected by other\nvulnerabilities; however, this plugin has not tested for those issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-15T00:00:00", "title": "IBM Spectrum Protect Plus File Upload RCE", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-4703", "CVE-2020-4711"], "modified": "2020-10-15T00:00:00", "cpe": ["cpe:/a:ibm:spectrum_protect_plus"], "id": "IBM_SPP_CVE-2020-4703.NASL", "href": "https://www.tenable.com/plugins/nessus/141471", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141471);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2020-4703\");\n script_xref(name:\"TRA\", value:\"TRA-2020-54\");\n\n script_name(english:\"IBM Spectrum Protect Plus File Upload RCE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application running on the remote host is affected by a\nremote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM Spectrum Protect Plus (SPP) administrative console running\non the remote host is affected by a remote code execution\nvulnerability due to the fact that it allows remote installation of\nconsole plugins. An unauthenticated, remote attacker can exploit\nthis and CVE-2020-4711 together, via specially crafted HTTP requests, \nto execute arbitrary code on the system with root privileges.\n\nNote that the application is reportedly affected by other\nvulnerabilities; however, this plugin has not tested for those issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6328867\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the IBM Spectrum Protect Plus RPM package spp-adminconsole to\n10.1.6-27 or later. That spp-adminconsole package should be in the IBM\nSpectrum Protect Plus 10.1.6 build 2045.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"PoC demonstrates unauthenticated RCE as root.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:spectrum_protect_plus\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_spp_admin_console_detect.nbin\");\n script_require_keys(\"installed_sw/IBM Spectrum Protect Plus Administrative Console\");\n script_require_ports(\"Services/www\", 8090);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('webapp_func.inc');\n\napp = 'IBM Spectrum Protect Plus Administrative Console';\n\n# Exit if app is not detected on the host.\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\n# Exit if app is not detected on this http port.\nport = get_http_port(default:8090, ignore_broken:TRUE);\nget_single_install(app_name:app, port:port);\n\nurl = '/api/plugin/?action=install_single';\n\n# Use a dead download URL so that no file will be uploaded to the\n# remote host.\nfilename = 'no_such_file_' + rand_str(length:8);\ndownload_url = 'http://localhost:12345/' + filename;\ndata = '{' +\n '\"url\": \"' + download_url + '\",' + # Where to download the file\n '\"filename\": \"' + filename + '\",' + # File name to be saved as\n '\"type\": \"FILE\",' + # Install type\n # pluginName folder to save the downloaded file\n #\n # /opt/adminconsole/plugins/<pluginName>/<filename> will be created\n # if <filename> is downloaded successfully from <url>.\n '\"pluginName\": \"emi/../../../../../tmp\"' +\n'}';\n\n# Response may be delayed as the vulnerable server tries to download\n# a file from a dead URL link.\nif (http_get_read_timeout() < 20)\n http_set_read_timeout(20);\n\nres = http_send_recv3(\n port : port,\n method : 'POST',\n item : url,\n data : data,\n content_type : 'application/json',\n exit_on_fail : TRUE\n);\n\n# Patched server removed POST support to /api/plugin.\n# It returns a '501 Not Implemented'.\nif(' 501 ' >< res[0])\n audit(AUDIT_LISTEN_NOT_VULN, app, port);\n#\n# Vulnerable server processes the request and returns 200.\n# No file was uploaded to the remote host because a dead download\n# URL was used, and installation of <pluginName> failed.\nelse if(' 200 ' >< res[0])\n{\n extra = 'Nessus was able to detect the issue by sending the' +\n ' following HTTP request to the remote host : ' +\n '\\n' +\n '\\n' +\n http_last_sent_request();\n\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n extra : extra \n );\n}\n# Unexpected response status\nelse\n audit(AUDIT_RESP_BAD, port, 'an HTTP request. Unexpected HTTP response status ' + chomp(res[0]));\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:11", "description": "The remote Windows host is missing security update 4520011.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 16, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4520011: Windows 10 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4520011.NASL", "href": "https://www.tenable.com/plugins/nessus/129726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129726);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1339\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1366\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520011\");\n script_xref(name:\"MSFT\", value:\"MS19-4520011\");\n\n script_name(english:\"KB4520011: Windows 10 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4520011.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4520011/windows-10-update-kb4520011\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8905e062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4520011.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520011');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520011])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:10", "description": "The remote Windows host is missing security update 4520010.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 16, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4520010: Windows 10 Version 1703 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4520010.NASL", "href": "https://www.tenable.com/plugins/nessus/129725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129725);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1230\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1321\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1339\",\n \"CVE-2019-1340\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1366\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520010\");\n script_xref(name:\"MSFT\", value:\"MS19-4520010\");\n\n script_name(english:\"KB4520010: Windows 10 Version 1703 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4520010.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4520010/windows-10-update-kb4520010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4f0552f5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4520010.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520010');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520010])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:09", "description": "The remote Windows host is missing security update 4520004.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4520004: Windows 10 Version 1709 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4520004.NASL", "href": "https://www.tenable.com/plugins/nessus/129721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129721);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1230\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1320\",\n \"CVE-2019-1321\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1339\",\n \"CVE-2019-1340\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1366\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520004\");\n script_xref(name:\"MSFT\", value:\"MS19-4520004\");\n\n script_name(english:\"KB4520004: Windows 10 Version 1709 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4520004.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4520004/windows-10-update-kb4520004\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60d0b932\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4520004.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520004');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520004])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:07", "description": "The remote Windows host is missing security update 4519998.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4519998: Windows 10 Version 1607 and Windows Server 2016 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4519998.NASL", "href": "https://www.tenable.com/plugins/nessus/129719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129719);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1339\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1356\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1365\",\n \"CVE-2019-1366\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4519998\");\n script_xref(name:\"MSFT\", value:\"MS19-4519998\");\n\n script_name(english:\"KB4519998: Windows 10 Version 1607 and Windows Server 2016 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4519998.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4519998/windows-10-update-kb4519998\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5df9140f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4519998.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4519998');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4519998])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:07", "description": "The remote Windows host is missing security update 4519338.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1323,\n CVE-2019-1336)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238, CVE-2019-1239)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An information disclosure vulnerability exists when\n Windows Update Client fails to properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could potentially disclose memory contents\n of an elevated process. (CVE-2019-1337)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 16, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4519338: Windows 10 Version 1809 and Windows Server 2019 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1336", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1322", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1337", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1323", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1239", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4519338.NASL", "href": "https://www.tenable.com/plugins/nessus/129717", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129717);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1230\",\n \"CVE-2019-1238\",\n \"CVE-2019-1239\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1320\",\n \"CVE-2019-1321\",\n \"CVE-2019-1322\",\n \"CVE-2019-1323\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1336\",\n \"CVE-2019-1337\",\n \"CVE-2019-1339\",\n \"CVE-2019-1340\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1356\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1365\",\n \"CVE-2019-1366\",\n \"CVE-2019-1368\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4519338\");\n script_xref(name:\"MSFT\", value:\"MS19-4519338\");\n\n script_name(english:\"KB4519338: Windows 10 Version 1809 and Windows Server 2019 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4519338.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1323,\n CVE-2019-1336)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238, CVE-2019-1239)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An information disclosure vulnerability exists when\n Windows Update Client fails to properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could potentially disclose memory contents\n of an elevated process. (CVE-2019-1337)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4519338/windows-10-update-kb4519338\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef69aa73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4519338.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4519338');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4519338])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:10", "description": "The remote Windows host is missing security update 4520008.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4520008: Windows 10 Version 1803 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1322", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4520008.NASL", "href": "https://www.tenable.com/plugins/nessus/129724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129724);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1230\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1320\",\n \"CVE-2019-1321\",\n \"CVE-2019-1322\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1339\",\n \"CVE-2019-1340\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1365\",\n \"CVE-2019-1366\",\n \"CVE-2019-1368\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520008\");\n script_xref(name:\"MSFT\", value:\"MS19-4520008\");\n\n script_name(english:\"KB4520008: Windows 10 Version 1803 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4520008.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An information disclosure vulnerability exists when the\n Windows Hyper-V Network Switch on a host operating\n system fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2019-1230)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4520008/windows-10-update-kb4520008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ed66c5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4520008.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520008');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520008])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-15T06:23:06", "description": "The remote Windows host is missing security update 4517389.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1323,\n CVE-2019-1336)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An information disclosure vulnerability exists when\n Windows Update Client fails to properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could potentially disclose memory contents\n of an elevated process. (CVE-2019-1337)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4517389: Windows 10 Version 1903 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1336", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1322", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1337", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1323", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2019-10-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_OCT_4517389.NASL", "href": "https://www.tenable.com/plugins/nessus/129716", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129716);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1238\",\n \"CVE-2019-1307\",\n \"CVE-2019-1308\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1316\",\n \"CVE-2019-1317\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1320\",\n \"CVE-2019-1321\",\n \"CVE-2019-1322\",\n \"CVE-2019-1323\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1334\",\n \"CVE-2019-1335\",\n \"CVE-2019-1336\",\n \"CVE-2019-1337\",\n \"CVE-2019-1339\",\n \"CVE-2019-1340\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1345\",\n \"CVE-2019-1346\",\n \"CVE-2019-1347\",\n \"CVE-2019-1356\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1365\",\n \"CVE-2019-1366\",\n \"CVE-2019-1368\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4517389\");\n script_xref(name:\"MSFT\", value:\"MS19-4517389\");\n\n script_name(english:\"KB4517389: Windows 10 Version 1903 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4517389.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows AppX Deployment Server that allows file creation\n in arbitrary locations. (CVE-2019-1340)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1317)\n\n - A remote code execution vulnerability exists in the way\n that the Chakra scripting engine handles objects in\n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker\n could execute arbitrary code in the context of the\n current user. An attacker who successfully exploited the\n vulnerability could gain the same user rights as the\n current user. (CVE-2019-1307, CVE-2019-1308, \n CVE-2019-1335)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346, CVE-2019-1347)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Windows Update Client when it does not\n properly handle privileges. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. An attacker could then install\n programs; view, change or delete data. (CVE-2019-1323,\n CVE-2019-1336)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows Setup when it does not properly handle\n privileges. An attacker who successfully exploited this\n vulnerability could run processes in an elevated\n context. An attacker could then install programs; view,\n change or delete data. (CVE-2019-1316)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-1334, CVE-2019-1345)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows improperly handles authentication requests. An\n attacker who successfully exploited this vulnerability\n could run processes in an elevated context. An attacker\n could exploit this vulnerability by running a specially\n crafted application on the victim system. The update\n addresses the vulnerability by correcting the way\n Windows handles authentication requests. (CVE-2019-1320,\n CVE-2019-1322)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - An information disclosure vulnerability exists when \n Microsoft Edge based on Edge HTML improperly handles \n objects in memory. An attacker who successfully exploited \n the vulnerability could obtain information to further \n compromise the user\u00e2\u0080\u0099s system. To exploit the vulnerability, \n in a web-based attack scenario, an attacker could host a \n website in an attempt to exploit the vulnerability. In \n addition, compromised websites and websites that accept \n or host user-provided content could contain specially \n crafted content that could exploit the vulnerability. \n (CVE-2019-1356)\n\n - A security feature bypass exists when Windows Secure\n Boot improperly restricts access to debugging\n functionality. An attacker who successfully exploited\n this vulnerability could disclose protected kernel\n memory. (CVE-2019-1368)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - An elevation of privilege vulnerability exists when\n Windows CloudStore improperly handles file Discretionary\n Access Control List (DACL). An attacker who successfully\n exploited this vulnerability could overwrite a targeted\n file leading to an elevated status. (CVE-2019-1321)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An information disclosure vulnerability exists when\n Windows Update Client fails to properly handle objects\n in memory. An attacker who successfully exploited the\n vulnerability could potentially disclose memory contents\n of an elevated process. (CVE-2019-1337)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n \n - A remote code execution vulnerability exists in the way \n that the Chakra scripting engine handles objects in \n memory in Microsoft Edge (HTML-based). The vulnerability\n could corrupt memory in such a way that an attacker could \n execute arbitrary code in the context of the current user. \n An attacker who successfully exploited the vulnerability \n could gain the same user rights as the current user. If \n the current user is logged on with administrative user \n rights, an attacker who successfully exploited the \n vulnerability could take control of an affected system. \n An attacker could then install programs; view, change, \n or delete data; or create new accounts with full user \n rights. (CVE-2019-1366)\");\n # https://support.microsoft.com/en-us/help/4517389/windows-10-update-kb4517389\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13a5b27c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4517389.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft UPnP Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4517389');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4517389])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:46:51", "description": "The remote Windows host is missing security update 4520009\nor cumulative update 4520002. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass vulnerability exists in\n Microsoft Windows when a man-in-the-middle attacker is\n able to successfully bypass the NTLMv2 protection if a\n client is also sending LMv2 responses. An attacker who\n successfully exploited this vulnerability could gain the\n ability to downgrade NTLM security features.\n (CVE-2019-1338)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1346)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1362, CVE-2019-1364)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4520009: Windows Server 2008 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1362", "CVE-2019-1342", "CVE-2019-1319", "CVE-2019-1338", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1339", "CVE-2019-0608", "CVE-2019-1364"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_OCT_4520002.NASL", "href": "https://www.tenable.com/plugins/nessus/129720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129720);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1166\",\n \"CVE-2019-1238\",\n \"CVE-2019-1315\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1338\",\n \"CVE-2019-1339\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1344\",\n \"CVE-2019-1346\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1362\",\n \"CVE-2019-1364\",\n \"CVE-2019-1365\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520002\");\n script_xref(name:\"MSKB\", value:\"4520009\");\n script_xref(name:\"MSFT\", value:\"MS19-4520002\");\n script_xref(name:\"MSFT\", value:\"MS19-4520009\");\n\n script_name(english:\"KB4520009: Windows Server 2008 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4520009\nor cumulative update 4520002. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A security feature bypass vulnerability exists in\n Microsoft Windows when a man-in-the-middle attacker is\n able to successfully bypass the NTLMv2 protection if a\n client is also sending LMv2 responses. An attacker who\n successfully exploited this vulnerability could gain the\n ability to downgrade NTLM security features.\n (CVE-2019-1338)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1346)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1362, CVE-2019-1364)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\");\n # https://support.microsoft.com/en-us/help/4520002/windows-server-2008-update-kb4520002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72b9f640\");\n # https://support.microsoft.com/en-us/help/4520009/windows-server-2008-update-kb4520009\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e19f82ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4520009 or Cumulative Update KB4520002.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520009', '4520002');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520009, 4520002])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:46:52", "description": "The remote Windows host is missing security update 4519985\nor cumulative update 4520007. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346)", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-08T00:00:00", "title": "KB4519985: Windows Server 2012 October 2019 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1339", "CVE-2019-0608", "CVE-2019-1357"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_OCT_4520007.NASL", "href": "https://www.tenable.com/plugins/nessus/129723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129723);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\n \"CVE-2019-0608\",\n \"CVE-2019-1060\",\n \"CVE-2019-1166\",\n \"CVE-2019-1238\",\n \"CVE-2019-1311\",\n \"CVE-2019-1315\",\n \"CVE-2019-1318\",\n \"CVE-2019-1319\",\n \"CVE-2019-1325\",\n \"CVE-2019-1326\",\n \"CVE-2019-1333\",\n \"CVE-2019-1339\",\n \"CVE-2019-1341\",\n \"CVE-2019-1342\",\n \"CVE-2019-1343\",\n \"CVE-2019-1344\",\n \"CVE-2019-1346\",\n \"CVE-2019-1357\",\n \"CVE-2019-1358\",\n \"CVE-2019-1359\",\n \"CVE-2019-1365\",\n \"CVE-2019-1371\"\n );\n script_xref(name:\"MSKB\", value:\"4520007\");\n script_xref(name:\"MSKB\", value:\"4519985\");\n script_xref(name:\"MSFT\", value:\"MS19-4520007\");\n script_xref(name:\"MSFT\", value:\"MS19-4519985\");\n\n script_name(english:\"KB4519985: Windows Server 2012 October 2019 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4519985\nor cumulative update 4520007. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A spoofing vulnerability exists when Microsoft Browsers\n improperly handle browser cookies. An attacker who\n successfully exploited this vulnerability could trick a\n browser into overwriting a secure cookie with an\n insecure cookie. The insecure cookie could serve as a\n pivot to chain an attack with other vulnerabilities in\n web services. (CVE-2019-1357)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-1358, CVE-2019-1359)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2019-1333)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-1371)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Code Integrity Module handles\n objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the users system. (CVE-2019-1344)\n\n - A remote code execution vulnerability exists when the\n Windows Imaging API improperly handles objects in\n memory. The vulnerability could corrupt memory in a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. (CVE-2019-1311)\n\n - A spoofing vulnerability exists when Transport Layer\n Security (TLS) accesses non- Extended Master Secret\n (EMS) sessions. An attacker who successfully exploited\n this vulnerability may gain access to unauthorized\n information. (CVE-2019-1318)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles a\n process crash. An attacker who successfully exploited\n this vulnerability could delete a targeted file leading\n to an elevated status. (CVE-2019-1342)\n\n - A remote code execution vulnerability exists in the way\n that the VBScript engine handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2019-1238)\n\n - A denial of service vulnerability exists in Remote\n Desktop Protocol (RDP) when an attacker connects to the\n target system using RDP and sends specially crafted\n requests. An attacker who successfully exploited this\n vulnerability could cause the RDP service on the target\n system to stop responding. (CVE-2019-1326)\n\n - An elevation of privilege vulnerability exists in the\n Windows redirected drive buffering system (rdbss.sys)\n when the operating system improperly handles specific\n local calls within Windows 7 for 32-bit systems. When\n this vulnerability is exploited within other versions of\n Windows it can cause a denial of service, but not an\n elevation of privilege. (CVE-2019-1325)\n\n - A tampering vulnerability exists in Microsoft Windows\n when a man-in-the-middle attacker is able to\n successfully bypass the NTLM MIC (Message Integrity\n Check) protection. An attacker who successfully\n exploited this vulnerability could gain the ability to\n downgrade NTLM security features. (CVE-2019-1166)\n\n - An elevation of privilege vulnerability exists when\n umpo.dll of the Power Service, improperly handles a\n Registry Restore Key function. An attacker who\n successfully exploited this vulnerability could delete a\n targeted registry key leading to an elevated status.\n (CVE-2019-1341)\n\n - An elevation of privilege vulnerability exists when\n Windows Error Reporting manager improperly handles hard\n links. An attacker who successfully exploited this\n vulnerability could overwrite a targeted file leading to\n an elevated status. (CVE-2019-1315, CVE-2019-1339)\n\n - An elevation of privilege vulnerability exists when\n Microsoft IIS Server fails to check the length of a\n buffer prior to copying memory to it. An attacker who\n successfully exploited this vulnerability can allow an\n unprivileged function ran by the user to execute code in\n the context of NT AUTHORITY\\system escaping the Sandbox.\n The security update addresses the vulnerability by\n correcting how Microsoft IIS Server sanitizes web\n requests. (CVE-2019-1365)\n\n - A remote code execution vulnerability exists when the\n Microsoft XML Core Services MSXML parser processes user\n input. An attacker who successfully exploited the\n vulnerability could run malicious code remotely to take\n control of the users system. (CVE-2019-1060)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2019-1319)\n\n - A spoofing vulnerability exists when Microsoft Browsers\n does not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could\n impersonate a user request by crafting HTTP queries. The\n specially crafted website could either spoof content or\n serve as a pivot to chain an attack with other\n vulnerabilities in web services. (CVE-2019-0608)\n\n - A denial of service vulnerability exists when Windows\n improperly handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2019-1343,\n CVE-2019-1346)\");\n # https://support.microsoft.com/en-us/help/4520007/windows-server-2012-update-kb4520007\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d72b58b\");\n # https://support.microsoft.com/en-us/help/4519985/windows-server-2012-update-kb4519985\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7951661\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4519985 or Cumulative Update KB4520007.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1359\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-10\";\nkbs = make_list('4520007', '4519985');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"10_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4520007, 4519985])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2019-10-08T22:36:20", "bulletinFamily": "software", "cvelist": ["CVE-2019-1239"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful attacks, never handle or open files from unknown sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code. Host-based intrusion-prevention systems may also help prevent exploits. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110229", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110229", "type": "symantec", "title": "Microsoft Internet Explorer VBScript Engine CVE-2019-1239 Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-09T00:30:35", "bulletinFamily": "software", "cvelist": ["CVE-2019-1326"], "description": "### Description\n\nMicrosoft Windows Remote Desktop Protocol is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the potential impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110271", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110271", "type": "symantec", "title": "Microsoft Windows Remote Desktop Protocol CVE-2019-1326 Denial of Service Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-08T22:36:22", "bulletinFamily": "software", "cvelist": ["CVE-2019-1366"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110238", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110238", "type": "symantec", "title": "Microsoft Edge Chakra Scripting Engine CVE-2019-1366 Remote Memory Corruption Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-09T00:30:34", "bulletinFamily": "software", "cvelist": ["CVE-2019-1372"], "description": "### Description\n\nMicrosoft Azure App Service is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Azure App Service on Azure Stack \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110310", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110310", "type": "symantec", "title": "Microsoft Azure App Service CVE-2019-1372 Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-08T22:36:25", "bulletinFamily": "software", "cvelist": ["CVE-2019-1335"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110232", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110232", "type": "symantec", "title": "Microsoft Edge Chakra Scripting Engine CVE-2019-1335 Remote Memory Corruption Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-09T00:30:36", "bulletinFamily": "software", "cvelist": ["CVE-2019-1333"], "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 Version 1903 for 32-bit Systems \n * Microsoft Windows 10 Version 1903 for ARM64-based Systems \n * Microsoft Windows 10 Version 1903 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 1903 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110257", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110257", "type": "symantec", "title": "Microsoft Windows Remote Desktop Client CVE-2019-1333 Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-08T22:36:22", "bulletinFamily": "software", "cvelist": ["CVE-2019-1308"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110231", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110231", "type": "symantec", "title": "Microsoft Edge Chakra Scripting Engine CVE-2019-1308 Remote Memory Corruption Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-08T22:36:22", "bulletinFamily": "software", "cvelist": ["CVE-2019-1307"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110230", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110230", "type": "symantec", "title": "Microsoft Edge Chakra Scripting Engine CVE-2019-1307 Remote Memory Corruption Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-08T22:36:23", "bulletinFamily": "software", "cvelist": ["CVE-2019-1238"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful attacks, never handle or open files from unknown sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code. Host-based intrusion-prevention systems may also help prevent exploits. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-10-08T00:00:00", "published": "2019-10-08T00:00:00", "id": "SMNTC-110228", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110228", "type": "symantec", "title": "Microsoft Internet Explorer VBScript Engine CVE-2019-1238 Remote Code Execution Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2019-10-08T20:01:47", "bulletinFamily": "info", "cvelist": ["CVE-2019-1238", "CVE-2019-1239"], "description": "[](<https://1.bp.blogspot.com/-3l6YsNZG714/XZzRBP2Q3xI/AAAAAAAA1W0/cuYNpWobYtIuSfh3Ugc1MrxVg6ETnCdLwCLcBGAsYHQ/s728-e100/Microsoft-patch-tuesday-updates.png>)\n\nMicrosoft today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. \n \nWhat\u2019s good about this month\u2019s patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this month is being listed as publicly known or under active attack. \n \nMoreover, there is no roll-up patch for Adobe Flash Player bundled in Windows update for this month. \n \nBesides this, Microsoft has also put up a [notice](<https://msrc-blog.microsoft.com/2019/10/08/october-2019-security-updates-are-available/>) as a reminder for Windows 7 and Windows Server 2008 R2 users, warning them that the extended support for these two operating systems is about to end in the next two months and that they will no longer receive updates as of January 14, 2020. \n\n\n \nTwo of the critical vulnerabilities patched this month are remote code execution flaws in the VBScript engine, and both exist in the way VBScript handles objects in memory, allowing attackers to corrupt memory and execute arbitrary code in the context of the current user. \n \nThese two vulnerabilities, tracked as CVE-2019-1238 and CVE-2019-1239, can be exploited remotely by tricking victims into visiting a specially crafted website through Internet Explorer. \n \nAn attacker can also exploit these issues using an application or Microsoft Office document by embedding an ActiveX control marked \u2018safe for initialization\u2019 that utilizes Internet Explorer rendering engine. \n \nJust like recent months, Microsoft has patched another [reverse RDP attack](<https://thehackernews.com/2019/02/remote-desktop-hacking.html>), where attackers can take control over client computers connecting to a malicious RDP server by exploiting a critical remote code execution vulnerability in Windows built-in Remote Desktop Client application. \n \nUnlike the [wormable BlueKeep vulnerability](<https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html>), the newly-patched RDP vulnerability is client-side, which requires an attacker to trick victims into connecting to a malicious RDP server via social engineering, DNS poisoning, or using a Man in the Middle (MITM) technique. \n \nThree critical RCE vulnerabilities are memory corruption flaws resides in the way Chakra scripting engine handles objects in memory in Microsoft Edge, whereas one critical RCE flaw is an elevation of privilege issue which exists when Azure App Service on Azure Stack fails to check the length of a buffer before copying memory to it. \n\n\n[](<https://bit.ly/2nAQ7y5> \"Web Application Firewall\" )\n\n \nOther vulnerabilities patched by Microsoft this month and marked as important reside in the following Microsoft products and services: \n \n\n\n * Microsoft Windows\n * Internet Explorer\n * Microsoft Edge\n * ChakraCore\n * Microsoft Office, Office Services and Web Apps\n * SQL Server Management Studio\n * Open Source Software\n * Microsoft Dynamics 365\n * Windows Update Assistant\n \nMost of these vulnerabilities allow elevation of privilege, and some also lead to remote code execution attacks, while others allow information disclosure, cross-site scripting (XSS), security feature bypass, spoofing, tampering, and denial of service attacks. \n \nWindows users and system administrators are highly advised to apply the latest security patches as soon as possible in an attempt to keep cybercriminals and hackers away from taking control of their computers. \n \nFor installing the latest Windows security updates, you can head on to Settings \u2192 Update &amp; Security \u2192 Windows Update \u2192 Check for updates on your PC, or you can install the updates manually.\n", "modified": "2019-10-08T18:12:03", "published": "2019-10-08T18:12:00", "id": "THN:8DCF845D1AC9E7107BDC3A4BCA6D2723", "href": "https://thehackernews.com/2019/10/microsoft-patch-tuesday-october.html", "type": "thn", "title": "Microsoft Releases October 2019 Patch Tuesday Updates", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-30T13:28:19", "bulletinFamily": "info", "cvelist": ["CVE-2019-1234", "CVE-2019-1372"], "description": "[](<https://1.bp.blogspot.com/-KwZXs6XCBLM/XjLC-6aVvYI/AAAAAAAA2QE/Kk6liyCBtekGqqh6bSkkQ5rnIR1l0oPWQCLcBGAsYHQ/s728-e100/microsoft-azure-hacking.jpg>)\n\nCybersecurity researchers at Check Point today disclosed details of two [recently patched](<https://thehackernews.com/2019/12/windows-zero-day-patch.html>) potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. \n \nAzure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes. \n \nAccording to a report researchers shared with The Hacker News, the first security vulnerability ([CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft. \n\n\n \nIf exploited, the issue would have enabled a remote hacker to unauthorizedly access screenshots and sensitive information of any virtual machine running on Azure infrastructure\u2014it doesn't matter if they're running on a shared, dedicated or isolated virtual machines. \n \nAccording to [researchers](<https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/>), this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack. \n \nBy leveraging an insure API, researchers found a way to get the virtual machine name and ID, hardware information like cores, total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots, as shown. \n \n\n\n[](<https://1.bp.blogspot.com/-ddMu79CwlhQ/XjLN4FzeVLI/AAAAAAAA2QQ/7FNAxSY0SkEbjI-8N8eW3zzqLOSoxw5wACLcBGAsYHQ/s728-e100/microsoft-azure-screenshots.jpg>)\n\n \nWhereas, the second issue ([CVE-2019-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>)) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprises' business code. \n \nWhat's more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal. \n \nCheck Point published a detailed [technical post](<https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii>) on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants' apps and IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks. \n\n\n \nSince Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to DWASSVC service, allowing it to execute malicious code on the server as the highest NT AUTHORITY/SYSTEM privilege. \n \n\"So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),\" the researchers said. \n \n\"This lets an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.\" \n \nCheck Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos. \n \nAfter patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/thehackernews/>).\n", "modified": "2020-01-30T12:37:33", "published": "2020-01-30T11:59:00", "id": "THN:0C7E84207B4D65E7F360B825BEC52DF5", "href": "https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html", "type": "thn", "title": "Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2019-10-17T09:31:36", "bulletinFamily": "blog", "cvelist": ["CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1372"], "description": "This month\u2019s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.\n\n### Workstation Patches\n\nScripting Engine, Browser, and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.\n\n### Azure App Service RCE\n\nA Remote Code Execution vulnerability ([CVE-2019-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>)) exists in Azure App Service on Azure Stack which escapes the sandbox and can execute malicious code as System. If you have the Azure App Service deployed to your Azure Stack, this patch should be prioritized.\n\n### Remote Desktop Client RCE\n\nAnother Remote Code Execution vulnerability ([CVE-2019-1333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333>)) has been patched in the Remote Desktop Client. Exploiting this vulnerability would require a target to connect to a malicious Remote Desktop Server.\n\n### Publicly Disclosed Privilege Escalation in Windows Error Reporting Manager\n\nA vulnerability ([CVE-2019-1315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315>)) in Windows Error Reporting manager has been [publicly disclosed](<https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html>) along with PoC code. Exploitation of this vulnerability allows an attacker to overwrite arbitrary files, which could lead to privilege escalation.\n\n### Out-of-Band Patches for Internet Explorer and Windows Defender\n\nOn September 23rd, Microsoft issued out-of-band patches for Internet Explorer and Windows Defender. To read more about these vulnerabilities, and how to detect and patch them, please see our recent [blog post](<https://blog.qualys.com/laws-of-vulnerabilities/2019/09/24/microsoft-releases-out-of-band-security-updates>).\n\n### Adobe\n\nAt the time of this writing, Adobe has not released any patches for Patch Tuesday. However, they did release [out-of-band patches](<https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html>) on September 24th for ColdFusion 2016 and 2018, covering two Critical vulnerabilities and one Important.", "modified": "2019-10-08T18:18:26", "published": "2019-10-08T18:18:26", "id": "QUALYSBLOG:36145D374BE8B413181362F0BD4A4907", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2019/10/08/october-2019-patch-tuesday", "type": "qualysblog", "title": "October 2019 Patch Tuesday \u2013 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1239"], "description": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1239", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1239", "published": "2019-10-08T07:00:00", "title": "VBScript Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1326"], "description": "A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.\n\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.\n\nThe update addresses the vulnerability by correcting how RDP handles connection requests.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1326", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1326", "published": "2019-10-08T07:00:00", "title": "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability", "type": "mscve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-07T11:45:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1366"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1366", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366", "published": "2019-10-08T07:00:00", "title": "Chakra Scripting Engine Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1335"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1335", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1335", "published": "2019-10-08T07:00:00", "title": "Chakra Scripting Engine Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1372"], "description": "A remote code execution vulnerability exists when Azure Stack fails to check the length of a buffer prior to copying memory to it.\n\nAn attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\\system thereby escaping the Sandbox.\n\nThe security update addresses the vulnerability by ensuring that Azure Stack sanitizes user inputs.\n", "edition": 2, "modified": "2020-01-31T08:00:00", "id": "MS:CVE-2019-1372", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372", "published": "2020-01-31T08:00:00", "title": "Azure Stack Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1308"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1308", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1308", "published": "2019-10-08T07:00:00", "title": "Chakra Scripting Engine Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:30", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1307"], "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1307", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1307", "published": "2019-10-08T07:00:00", "title": "Chakra Scripting Engine Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:17", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1333"], "description": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.\n\nThe update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.\n", "edition": 2, "modified": "2019-10-09T07:00:00", "id": "MS:CVE-2019-1333", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333", "published": "2019-10-09T07:00:00", "title": "Remote Desktop Client Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:32", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1238"], "description": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 2, "modified": "2019-10-08T07:00:00", "id": "MS:CVE-2019-1238", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238", "published": "2019-10-08T07:00:00", "title": "VBScript Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-07-21T20:40:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4519998", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815708", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4519998)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815708\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-1319\", \"CVE-2019-1325\", \"CVE-2019-0608\", \"CVE-2019-1060\",\n \"CVE-2019-1166\", \"CVE-2019-1365\", \"CVE-2019-1366\", \"CVE-2019-1371\",\n \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\", \"CVE-2019-1311\",\n \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\", \"CVE-2019-1318\",\n \"CVE-2019-1326\", \"CVE-2019-1333\", \"CVE-2019-1334\", \"CVE-2019-1335\",\n \"CVE-2019-1339\", \"CVE-2019-1341\", \"CVE-2019-1342\", \"CVE-2019-1343\",\n \"CVE-2019-1344\", \"CVE-2019-1345\", \"CVE-2019-1346\", \"CVE-2019-1347\",\n \"CVE-2019-1356\", \"CVE-2019-1357\", \"CVE-2019-1358\", \"CVE-2019-1359\",\n \"CVE-2019-1367\", \"CVE-2019-1192\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:43:20 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4519998)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4519998\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - improper handling of objects in memory in Windows Jet Database Engine,\n Microsoft Edge, Windows Imaging API, Windows Code Integrity Module\n and Windows kernel.\n\n - improper handling of hard links in Windows Error Reporting manager,\n\n - improper parsing of HTTP content in Microsoft Browsers.\n\n - improper handling of privileges in Microsoft Windows Setup.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to\n execute arbitrary code on a victim system, elevate privileges, obtain information\n to further compromise the user's system or cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4519998\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Mshtml.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_in_range(version:fileVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.3268\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.3268\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:41:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4520004", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815489", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4520004)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815489\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1230\", \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\",\n \"CVE-2019-1311\", \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\",\n \"CVE-2019-1318\", \"CVE-2019-1319\", \"CVE-2019-1320\", \"CVE-2019-1321\",\n \"CVE-2019-1325\", \"CVE-2019-1326\", \"CVE-2019-1333\", \"CVE-2019-1334\",\n \"CVE-2019-1335\", \"CVE-2019-1339\", \"CVE-2019-1340\", \"CVE-2019-1341\",\n \"CVE-2019-1342\", \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1345\",\n \"CVE-2019-1346\", \"CVE-2019-1347\", \"CVE-2019-1356\", \"CVE-2019-1357\",\n \"CVE-2019-1358\", \"CVE-2019-1359\", \"CVE-2019-1366\", \"CVE-2019-1367\",\n \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4520004)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4520004\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle\n attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)\n protection.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows Error Reporting (WER) improperly handles and executes files.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Scripting engine improperly handles objects in memory in Internet Explorer.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions,\n elevate privileges and read privileged data across trust boundaries, create a\n denial of service condition and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for x64-based Systems\n\n - Microsoft Windows 10 Version 1709 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4520004\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Gdiplus.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1447\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Gdiplus.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1447\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4520010", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815487", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4520010)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815487\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1230\", \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\",\n \"CVE-2019-1311\", \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\",\n \"CVE-2019-1318\", \"CVE-2019-1319\", \"CVE-2019-1321\", \"CVE-2019-1325\",\n \"CVE-2019-1326\", \"CVE-2019-1333\", \"CVE-2019-1334\", \"CVE-2019-1335\",\n \"CVE-2019-1339\", \"CVE-2019-1340\", \"CVE-2019-1341\", \"CVE-2019-1342\",\n \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1345\", \"CVE-2019-1346\",\n \"CVE-2019-1347\", \"CVE-2019-1356\", \"CVE-2019-1357\", \"CVE-2019-1358\",\n \"CVE-2019-1359\", \"CVE-2019-1366\", \"CVE-2019-1367\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4520010)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4520010\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - VBScript engine improperly handles objects in memory.\n\n - Windows Imaging API improperly handles objects in memory.\n\n - The 'umpo.dll' of the Power Service, improperly handles a Registry Restore\n Key function.\n\n - Windows improperly handles hard link.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Windows CloudStore improperly handles file Discretionary Access Control List\n (DACL).\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions,\n elevate privileges and read privileged data across trust boundaries, create a\n denial of service condition and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1703 for x64-based Systems\n\n - Microsoft Windows 10 Version 1703 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4520010\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Wininet.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.2105\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Wininet.dll\",\n file_version:dllVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.2105\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2018-12126", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2018-12127", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-11091", "CVE-2019-0608", "CVE-2019-1357", "CVE-2018-12130"], "description": "This host is missing a critical security\n update according to Microsoft KB4520011", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815486", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4520011)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815486\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2019-0608\",\n \"CVE-2019-1060\", \"CVE-2019-11091\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\", \"CVE-2019-1311\",\n \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\", \"CVE-2019-1318\",\n \"CVE-2019-1319\", \"CVE-2019-1325\", \"CVE-2019-1326\", \"CVE-2019-1333\",\n \"CVE-2019-1334\", \"CVE-2019-1335\", \"CVE-2019-1339\", \"CVE-2019-1341\",\n \"CVE-2019-1342\", \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1346\",\n \"CVE-2019-1347\", \"CVE-2019-1357\", \"CVE-2019-1358\", \"CVE-2019-1359\",\n \"CVE-2019-1366\", \"CVE-2019-1367\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4520011)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4520011\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Speculative execution side channel vulnerabilities known as Microarchitectural\n Data Sampling.\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - Windows Imaging API improperly handles objects in memory.\n\n - The 'umpo.dll' of the Power Service, improperly handles a Registry Restore\n Key function.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Internet Explorer improperly accesses objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, elevate privileges and read\n privileged data across trust boundaries, create a denial of service condition\n and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for x64-based Systems\n\n - Microsoft Windows 10 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4520011\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\nif(!sysPath = smb_get_system32root())\n exit(0);\n\nif(!edgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\"))\n exit(0);\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18365\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18365\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1336", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1322", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1337", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1323", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1239", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4519338", "modified": "2020-07-17T00:00:00", "published": "2019-10-10T00:00:00", "id": "OPENVAS:1361412562310815497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815497", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4519338)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815497\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1230\", \"CVE-2019-1238\", \"CVE-2019-1239\", \"CVE-2019-1307\",\n \"CVE-2019-1308\", \"CVE-2019-1311\", \"CVE-2019-1315\", \"CVE-2019-1317\",\n \"CVE-2019-1318\", \"CVE-2019-1319\", \"CVE-2019-1320\", \"CVE-2019-1321\",\n \"CVE-2019-1322\", \"CVE-2019-1323\", \"CVE-2019-1325\", \"CVE-2019-1326\",\n \"CVE-2019-1333\", \"CVE-2019-1334\", \"CVE-2019-1335\", \"CVE-2019-1336\",\n \"CVE-2019-1337\", \"CVE-2019-1339\", \"CVE-2019-1340\", \"CVE-2019-1341\",\n \"CVE-2019-1342\", \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1345\",\n \"CVE-2019-1346\", \"CVE-2019-1347\", \"CVE-2019-1356\", \"CVE-2019-1357\",\n \"CVE-2019-1358\", \"CVE-2019-1359\", \"CVE-2019-1365\", \"CVE-2019-1366\",\n \"CVE-2019-1367\", \"CVE-2019-1368\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-10 14:23:24 +0530 (Thu, 10 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4519338)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4519338\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - Windows Hyper-V Network Switch on a host operating system fails to properly\n validate input from an authenticated user on a guest operating system.\n\n - Windows kernel improperly handles objects in memory.\n\n - Windows Error Reporting (WER) improperly handles and executes files.\n\n - Microsoft Windows Update Client does not properly handle privileges.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, obtain information to further compromise\n a user's system, elevate permissions and create a denial of service condition\n causing the target system to become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1809 for x64-based Systems\n\n - Microsoft Windows Server 2019\n\n - Microsoft Windows 10 Version 1809 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-in/help/4519338\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntoskrnl.exe\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17763.0\", test_version2:\"10.0.17763.801\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntoskrnl.exe\",\n file_version:dllVer, vulnerable_range:\"10.0.17763.0 - 10.0.17763.801\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1336", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1322", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1337", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1323", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4517389", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815493", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4517389)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815493\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\", \"CVE-2019-1311\",\n \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\", \"CVE-2019-1318\",\n \"CVE-2019-1319\", \"CVE-2019-1320\", \"CVE-2019-1321\", \"CVE-2019-1322\",\n \"CVE-2019-1323\", \"CVE-2019-1325\", \"CVE-2019-1326\", \"CVE-2019-1333\",\n \"CVE-2019-1334\", \"CVE-2019-1335\", \"CVE-2019-1336\", \"CVE-2019-1337\",\n \"CVE-2019-1339\", \"CVE-2019-1340\", \"CVE-2019-1341\", \"CVE-2019-1342\",\n \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1345\", \"CVE-2019-1346\",\n \"CVE-2019-1347\", \"CVE-2019-1356\", \"CVE-2019-1357\", \"CVE-2019-1358\",\n \"CVE-2019-1359\", \"CVE-2019-1365\", \"CVE-2019-1366\", \"CVE-2019-1367\",\n \"CVE-2019-1368\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4517389)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4517389\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle\n attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)\n protection.\n\n - Chakra scripting engine improperly handles objects in memory in Microsoft Edge.\n\n - A spoofing vulnerability exists when Transport Layer Security (TLS) accesses\n non Extended Master Secret (EMS) sessions.\n\n - Microsoft Windows Update Client does not properly handle privileges.\n\n - Windows Error Reporting manager improperly handles process crashes.\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Scripting engine handles objects in memory in Internet Explorer.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions,\n elevate privileges and read privileged data across trust boundaries, create a\n denial of service condition and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1903 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1903 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4517389\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Schannel.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.18362.0\", test_version2:\"10.0.18362.417\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Schannel.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.18362.0 - 10.0.18362.417\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1307", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1366", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1322", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1321", "CVE-2019-1371", "CVE-2019-1316", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1230", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1340", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1345", "CVE-2019-1315", "CVE-2019-1335", "CVE-2019-1333", "CVE-2019-1368", "CVE-2019-1325", "CVE-2019-1308", "CVE-2019-1320", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-1317", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4520008", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815488", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4520008)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815488\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1230\", \"CVE-2019-1238\", \"CVE-2019-1307\", \"CVE-2019-1308\",\n \"CVE-2019-1311\", \"CVE-2019-1315\", \"CVE-2019-1316\", \"CVE-2019-1317\",\n \"CVE-2019-1318\", \"CVE-2019-1319\", \"CVE-2019-1320\", \"CVE-2019-1321\",\n \"CVE-2019-1322\", \"CVE-2019-1325\", \"CVE-2019-1326\", \"CVE-2019-1333\",\n \"CVE-2019-1334\", \"CVE-2019-1335\", \"CVE-2019-1339\", \"CVE-2019-1340\",\n \"CVE-2019-1341\", \"CVE-2019-1342\", \"CVE-2019-1343\", \"CVE-2019-1344\",\n \"CVE-2019-1345\", \"CVE-2019-1346\", \"CVE-2019-1347\", \"CVE-2019-1356\",\n \"CVE-2019-1357\", \"CVE-2019-1358\", \"CVE-2019-1359\", \"CVE-2019-1365\",\n \"CVE-2019-1366\", \"CVE-2019-1367\", \"CVE-2019-1368\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4520008)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4520008\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Microsoft XML Core Services MSXML parser improperly processes user input.\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle\n attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)\n protection.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows improperly handles hard link.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Microsoft browsers improperly handle requests of different origins.\n\n - Windows improperly handles authentication requests..\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions,\n elevate privileges and read privileged data across trust boundaries, create a\n denial of service condition and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for x64-based Systems\n\n - Microsoft Windows 10 Version 1803 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4520008\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nexeVer = fetch_file_version(sysPath:sysPath, file_name:\"Ntoskrnl.exe\");\nif(!exeVer)\n exit(0);\n\nif(version_in_range(version:exeVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1066\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Ntoskrnl.exe\",\n file_version:exeVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1066\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1362", "CVE-2019-1342", "CVE-2019-1319", "CVE-2019-1338", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1361", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1339", "CVE-2019-1363", "CVE-2019-0608", "CVE-2019-1357", "CVE-2019-1364"], "description": "This host is missing a critical security\n update according to Microsoft KB4519976", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815710", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4519976)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815710\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1166\", \"CVE-2019-1192\", \"CVE-2019-1238\",\n \"CVE-2019-1315\", \"CVE-2019-1318\", \"CVE-2019-1319\", \"CVE-2019-1325\",\n \"CVE-2019-1326\", \"CVE-2019-1333\", \"CVE-2019-1338\", \"CVE-2019-1339\",\n \"CVE-2019-1341\", \"CVE-2019-1342\", \"CVE-2019-1344\", \"CVE-2019-1346\",\n \"CVE-2019-1357\", \"CVE-2019-1358\", \"CVE-2019-1359\", \"CVE-2019-1361\",\n \"CVE-2019-1362\", \"CVE-2019-1363\", \"CVE-2019-1364\", \"CVE-2019-1365\",\n \"CVE-2019-1367\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 12:02:34 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4519976)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4519976\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Improper parsing of HTTP content.\n\n - Improper handling of objects in memory in VBScript engine.\n\n - Improperly handling of hard links in Windows Error Reporting manager.\n\n - Improper handling of a Registry Restore Key function in 'umpo.dll' of\n Power Service.\n\n - Improper handling of process crash in Windows Error Reporting manager.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information\n to further compromise the user's system, gain elevated privileges and disclose\n sensitive information or cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4519976\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Mshtml.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19507\")) {\n report = report_fixed_ver(file_checked:dllPath + \"\\Mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19507\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1342", "CVE-2019-1319", "CVE-2019-1060", "CVE-2019-1318", "CVE-2019-1341", "CVE-2019-1347", "CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-1326", "CVE-2019-1359", "CVE-2019-1166", "CVE-2019-1358", "CVE-2019-1311", "CVE-2019-1365", "CVE-2019-1346", "CVE-2019-1344", "CVE-2019-1343", "CVE-2019-1315", "CVE-2019-1333", "CVE-2019-1325", "CVE-2019-1334", "CVE-2019-1339", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4520005", "modified": "2020-07-17T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815490", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4520005)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815490\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1060\", \"CVE-2019-1166\", \"CVE-2019-1192\",\n \"CVE-2019-1238\", \"CVE-2019-1311\", \"CVE-2019-1315\", \"CVE-2019-1318\",\n \"CVE-2019-1319\", \"CVE-2019-1325\", \"CVE-2019-1326\", \"CVE-2019-1333\",\n \"CVE-2019-1334\", \"CVE-2019-1339\", \"CVE-2019-1341\", \"CVE-2019-1342\",\n \"CVE-2019-1343\", \"CVE-2019-1344\", \"CVE-2019-1346\", \"CVE-2019-1347\",\n \"CVE-2019-1357\", \"CVE-2019-1358\", \"CVE-2019-1359\", \"CVE-2019-1365\",\n \"CVE-2019-1367\", \"CVE-2019-1371\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4520005)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4520005\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - Microsoft XML Core Services MSXML parser processes user input.\n\n - A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle\n attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)\n protection.\n\n - An error in windows redirected drive buffering system (rdbss.sys) when the\n operating system improperly handles specific local calls.\n\n - Windows Error Reporting (WER) improperly handles and executes files.\n\n - Windows Error Reporting manager improperly handles hard links.\n\n - Remote Desktop Protocol (RDP) improperly handles connection requests.\n\n - Windows Code Integrity Module improperly handles objects in memory.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions,\n elevate privileges and read privileged data across trust boundaries, create a\n denial of service condition and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64-based systems\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4520005\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"Urlmon.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_is_less(version:dllVer, test_version:\"11.0.9600.19507\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Urlmon.dll\",\n file_version:dllVer, vulnerable_range:\"Less than 11.0.9600.19507\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1367", "CVE-2019-1192", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-0608", "CVE-2019-1357"], "description": "This host is missing a critical security\n update according to Microsoft KB4519974", "modified": "2020-06-04T00:00:00", "published": "2019-10-09T00:00:00", "id": "OPENVAS:1361412562310815492", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815492", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4519974)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815492\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0608\", \"CVE-2019-1238\", \"CVE-2019-1357\", \"CVE-2019-1371\",\n \"CVE-2019-1367\", \"CVE-2019-1192\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-09 10:13:33 +0530 (Wed, 09 Oct 2019)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4519974)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4519974\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Browsers does not properly parse HTTP content.\n\n - VBScript engine improperly handles objects in memory.\n\n - Microsoft Browsers improperly handle browser cookies.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Scripting engine handles objects in memory in Internet Explorer.\n\n - Microsoft browsers improperly handle requests of different origins.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code on the client machine, bypass security restrictions\n and conduct spoofing attack.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4519974\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\", \"MS/IE/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^11\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\nif(version_is_less(version:iedllVer, test_version:\"11.0.9600.19502\"))\n{\n report = report_fixed_ver(file_checked:iePath + \"\\Mshtml.dll\",\n file_version:iedllVer, vulnerable_range:\"Less than 11.0.9600.19502\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-10-17T09:31:12", "bulletinFamily": "blog", "cvelist": ["CVE-2019-0608", "CVE-2019-0712", "CVE-2019-1060", "CVE-2019-1070", "CVE-2019-1166", "CVE-2019-1230", "CVE-2019-1238", "CVE-2019-1239", "CVE-2019-1307", "CVE-2019-1308", "CVE-2019-1311", "CVE-2019-1313", "CVE-2019-1314", "CVE-2019-1315", "CVE-2019-1316", "CVE-2019-1317", "CVE-2019-1318", "CVE-2019-1319", "CVE-2019-1320", "CVE-2019-1321", "CVE-2019-1322", "CVE-2019-1323", "CVE-2019-1325", "CVE-2019-1326", "CVE-2019-1327", "CVE-2019-1328", "CVE-2019-1329", "CVE-2019-1330", "CVE-2019-1331", "CVE-2019-1333", "CVE-2019-1334", "CVE-2019-1335", "CVE-2019-1336", "CVE-2019-1337", "CVE-2019-1338", "CVE-2019-1339", "CVE-2019-1340", "CVE-2019-1341", "CVE-2019-1342", "CVE-2019-1343", "CVE-2019-1344", "CVE-2019-1345", "CVE-2019-1346", "CVE-2019-1347", "CVE-2019-1356", "CVE-2019-1357", "CVE-2019-1358", "CVE-2019-1359", "CVE-2019-1361", "CVE-2019-1362", "CVE-2019-1363", "CVE-2019-1364", "CVE-2019-1365", "CVE-2019-1366", "CVE-2019-1368", "CVE-2019-1369", "CVE-2019-1371", "CVE-2019-1372", "CVE-2019-1375", "CVE-2019-1376", "CVE-2019-1378"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The [latest Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) discloses 60 vulnerabilities, nine of which are considered \"critical,\" with the rest being deemed \"important.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/10/snort-rule-update-for-oct-8-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below. \n \n[CVE-2019-1333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>) is a client-side remote execution vulnerability in Remote Desktop Services (RDP) that occurs when a user visits a malicious server. An attacker could exploit this vulnerability by having control of a malicious server, and then convincing the user to connect to it \u2014 likely via social engineering or a man-in-the-middle attack. An attacker could also compromise a legitimate server and then host malicious code on it, waiting for a user to connect. If successful, the attacker could gain the ability to remotely execute code on the victim machine that connected to the server. \n \n[CVE-2019-1238](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238>) and [CVE-2019-1239](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1239>) are remote code execution vulnerabilities that exist in the way VBScript handles objects in memory. These bugs all could lead to memory corruption in a way that would allow an attacker to execute arbitrary code on the victim machine. An attacker could exploit these vulnerabilities by tricking a user into visiting a specially crafted, malicious website through Internet Explorer. They could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that utilizes the Internet Explorer rendering engine. \n \n[CVE-2019-1307](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1307>), [CVE-2019-1308](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1308>), [CVE-2019-1335](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1335>) and [CVE-2019-1366](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366>) are all memory corruption vulnerabilities in the Chakra Scripting Engine inside of the Microsoft Edge web browser. An attacker could use these bugs to corrupt memory on the victim machine in a way that would allow them to remotely execute arbitrary code. A user could trigger these vulnerabilities by visiting a specially crafted, malicious website in Edge. \n \n[CVE-2019-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>) is an elevation of privilege vulnerability on Azure Stack when the Azure App Service fails to properly check the length of a buffer prior to copying memory to it. An attacker could exploit this vulnerability to copy any function run by the user, thereby executing code in the context of NT AUTHORITY/system, which could allow the attacker to escape a sandbox. \n \nThere is also [CVE-2019-1060](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1060>), a remote code execution vulnerability in Microsoft XML Core Services. \n\n\n### Important vulnerabilities\n\nThis release also contains 51 important vulnerabilities. \n\n\n * [CVE-2019-0608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608>)\n * [CVE-2019-1070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1070>)\n * [CVE-2019-1166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1166>)\n * [CVE-2019-1230](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1230>)\n * [CVE-2019-1311](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1311>)\n * [CVE-2019-1313](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313>)\n * [CVE-2019-1314](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1314>)\n * [CVE-2019-1315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315>)\n * [CVE-2019-1316](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1316>)\n * [CVE-2019-1317](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1317>)\n * [CVE-2019-1318](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318>)\n * [CVE-2019-1319](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1319>)\n * [CVE-2019-1320](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1320>)\n * [CVE-2019-1321](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1321>)\n * [CVE-2019-1322](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1322>)\n * [CVE-2019-1323](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1323>)\n * [CVE-2019-1325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1325>)\n * [CVE-2019-1326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1326>)\n * [CVE-2019-1327](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1327>)\n * [CVE-2019-1328](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328>)\n * [CVE-2019-1329](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329>)\n * [CVE-2019-1330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330>)\n * [CVE-2019-1331](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1331>)\n * [CVE-2019-1334](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1334>)\n * [CVE-2019-1336](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1336>)\n * [CVE-2019-1337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1337>)\n * [CVE-2019-1338](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1338>)\n * [CVE-2019-1339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1339>)\n * [CVE-2019-1340](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1340>)\n * [CVE-2019-1341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1341>)\n * [CVE-2019-1342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342>)\n * [CVE-2019-1343](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343>)\n * [CVE-2019-1344](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1344>)\n * [CVE-2019-1345](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1345>)\n * [CVE-2019-1346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346>)\n * [CVE-2019-1347](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1347>)\n * [CVE-2019-1356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1356>)\n * [CVE-2019-1357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1357>)\n * [CVE-2019-1358](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1358>)\n * [CVE-2019-1359](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1359>)\n * [CVE-2019-1361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1361>)\n * [CVE-2019-1362](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1362>)\n * [CVE-2019-1363](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1363>)\n * [CVE-2019-1364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364>)\n * [CVE-2019-1365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365>)\n * [CVE-2019-1368](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1368>)\n * [CVE-2019-1369](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1369>)\n * [CVE-2019-1371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1371>)\n * [CVE-2019-1375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1375>)\n * [CVE-2019-1376](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376>)\n * [CVE-2019-1378](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 51733 - 51736, 51739 - 51742, 51781 - 51794\n\n", "modified": "2019-10-08T10:11:15", "published": "2019-10-08T10:11:15", "id": "TALOSBLOG:3052A7B74E1E13F630CF51AB1B1A36D6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/5gWDxm3fpIE/microsoft-patch-tuesday-oct-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Oct. 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:36:02", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1060", "CVE-2019-1371", "CVE-2019-1238", "CVE-2019-0608", "CVE-2019-1357"], "description": "<html><body><p>Describes the cumulative security update for Internet Explorer that was released on October 8, 2019.</p><h2>Summary</h2><p>This article describes a security\u00a0update for\u00a0Internet Explorer. This update resolves the security issues that are described in the following\u00a0articles:</p><ul><li><a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1371\" managed-link=\"\" target=\"_blank\">CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1357\" managed-link=\"\" target=\"_blank\">CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-0608\" managed-link=\"\" target=\"_blank\">CVE-2019-0608 | Microsoft Edge Spoofing Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1060\" managed-link=\"\" target=\"_blank\">CVE-2019-1060 | VBScript Remote Code Execution Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2019-1238\" managed-link=\"\" target=\"_blank\">CVE-2019-1238 | VBScript Remote Code Execution Vulnerability</a></li></ul><p>Additionally, see the following articles for more information about this cumulative security update:</p><ul><li><a data-content-id=\"4343218\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">Windows Server 2008 SP2 update history</a></li><li><a data-content-id=\"4009469\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">Windows 7 SP1 and Windows Server 2008 R2 SP1 update history</a></li><li><a data-content-id=\"4009471\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">Windows Server 2012 update history</a></li><li><a data-content-id=\"4009470\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">Windows 8.1 and Windows Server 2012 R2 update history</a></li></ul><p><strong>Important </strong></p><ul><li><p>Except for Internet Explorer 11 on Windows Server 2012, the\u00a0fixes that are included in this Security Update for Internet Explorer (KB 4519974) are also included in the October 2019 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.</p></li><li><p>To obtain this update for Internet Explorer 11 on Server 2012, you must install this Security Update for Internet Explorer (KB 4519974). This update is not included in any Security Monthly Quality Rollup or Security Only Quality Update. For Internet Explorer 10 on Windows Server 2012, other called-out installation methods are applicable.</p></li><li><p>If you use update management processes other than Windows Update, and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer (KB 4519974), the October 2019 Security Only Quality Update, and the October 2019 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.</p></li><li><p>Except for Internet Explorer 11 on Windows Server 2012, this Security Update for Internet Explorer is not applicable for installation on a computer on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from September 2019 (or a later month) is already installed. This is because those updates contain all the fixes that are in this security update for Internet Explorer.</p></li><li><p>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/library/hh825699\" id=\"kb-link-5\" target=\"_blank\">Add language packs to Windows</a>.</p></li></ul><h2>How to get and install this update</h2><p><strong>Before installing this update</strong></p><p>You must have the following updates installed and restart the device before you install\u00a0this\u00a0update (KB 4524135). Installing these updates improves the reliability of the update process and mitigates potential issues while installing this\u00a0update.</p><ul><li>Servicing stack update (SSU)\u00a0(<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4490628\" managed-link=\"\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://support.microsoft.com/en/help/4516655\">KB4490628</a>) or a later SSU update.\u00a0If you use\u00a0Windows Update, the SSU\u00a0will be offered to you automatically.\u00a0To get the\u00a0standalone package for the SSU, search for it in the\u00a0<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"http://www.catalog.update.microsoft.com/home.aspx\">Microsoft Update Catalog</a>.\u00a0</li><li>SHA-2 update (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4474419\" managed-link=\"\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://support.microsoft.com/en/help/4474419\">KB4474419</a>) released September 10, 2019.\u00a0If you\u00a0use\u00a0Windows Update, the latest SHA-2 update will be offered to you automatically. For more information on SHA-2 updates, see\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4472027\" managed-link=\"\" rel=\"noreferrer noopener\" tabindex=\"-1\" target=\"_blank\" title=\"https://support.microsoft.com/en/help/4472027\">2019 SHA-2 Code Signing Support requirement for Windows and WSUS</a>.</li></ul><p><span><span>After these\u00a0updates are installed, we strongly recommend\u00a0that you also install the latest servicing stack update (SSU) (<a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/4516655\" managed-link=\"\" target=\"\">KB4516655</a>). If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the <a data-content-id=\"\" data-content-type=\"\" href=\"https://catalog.update.microsoft.com\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a>. </span></span></p><p><strong>Install this update</strong></p><p>To install this update, use one of the following release channels.</p><table class=\"table\"><tbody><tr><td><strong>Release Channel</strong></td><td align=\"center\"><strong>Available</strong></td><td><strong>Next Step</strong></td></tr><tr><td>Windows Update and Microsoft Update</td><td align=\"center\">Yes</td><td><p>None. This update will be downloaded and installed automatically from Windows Update for\u00a0 the following versions:</p><ul><li>Internet Explorer 11 for Windows Server 2012\u00a0and Windows Embedded 8 Standard</li><li>Internet Explorer 8 for Windows Server 2008 SP2</li></ul><p>For all other versions, see the other options below.</p></td></tr><tr><td>Microsoft Update Catalog</td><td align=\"center\">Yes</td><td>To get the standalone package for this update, go to the\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4524135\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Update Catalog</a>\u00a0website.</td></tr><tr><td>Windows Server Update Services (WSUS)</td><td align=\"center\">Yes</td><td><p>This update will automatically synchronize with WSUS if you configure\u00a0<strong>Products and Classifications</strong>\u00a0as follows:</p><p><strong>Product</strong>: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2</p><p><strong>Classification</strong>: Security Updates</p></td></tr></tbody></table><h2>Known issues in this security update</h2><p>Microsoft is not currently aware of any issues with this update.</p><h2>Deployment information</h2><p>For deployment details for this security update, see the following article in the Microsoft Knowledge Base:</p><p class=\"indent-1\"><a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/help/20191008\" managed-link=\"\" target=\"_blank\">Security update deployment information: October 8, 2019</a></p><h2>File information</h2><h3>File verification</h3><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>Windows8.1-KB4519974-x86.msu</td><td>E6EC68645FB16A57C0890FD33FA3C3B6F9705908</td><td>26CD477B4B8E0C651431AB6359C8B8DDE9111877A4B711D470C024AAA65C8E26</td></tr><tr><td>Windows8.1-KB4519974-arm.msu</td><td>CD0F3665500BB8A63A079BEA7A7C88163099285F</td><td>3232474F7E13E08CC1E95EF0DEB6AA65225AB59667E5B7DB104D866BBCBAFCFB</td></tr><tr><td>Windows8.1-KB4519974-x64.msu</td><td>A55C9959A450546C9C3E5779DDDDB34C1CFB294E</td><td>6AE98FD36070C5D4C3BD03779924F2484C4D96C0F680B762152DE16CEF5DC226</td></tr><tr><td>IE11-Windows6.2-KB4519974-X86.msu</td><td>0567E7FA3BDF11AD45C4B2CE513F460923C32B0E</td><td>0DDFC9A557D4EB94D3BF46488F484D111F2D2330EB33CEFAB7945314B1767EAC</td></tr><tr><td>IE11-Windows6.2-KB4519974-X64.msu</td><td>23147DD46E90A3A5BC1BC4807D9C58ACE4CADEC8</td><td>4040DDD154E0D6BF3A94647AE69DBBBF19D4F267E5CD892A7FC744D6A2E56112</td></tr><tr><td>Windows8-RT-KB4519974-x64.msu</td><td>FAF06EF46F9B0349BBD042578A023254EBC14363</td><td>9732C27C5964486D059BE606A11A7AD05B2E55138DBB957EF9DC41E100B71FEE</td></tr><tr><td>IE11-Windows6.1-KB4519974-X86.msu</td><td>245B6DFE9D734DDD74ACCD00274E0A3EC0C03325</td><td>C667B981BE428F5995689C264E8E05FF0B51289FF22D1A523BCC8D5559EF7F44</td></tr><tr><td>IE11-Windows6.1-KB4519974-X64.msu</td><td>16B3ED0B7EB90A3411B47F0CC610BE7C9723CCCE</td><td>2FC798C22CD1BA1F0EFF3C40D25583EB711D6A1A74BD80E4924B0C292E4C4E37</td></tr><tr><td>IE9-Windows6.0-KB4519974-X86.msu</td><td>8068FE103DC98312E086BBEB561D7B927A49CAB0</td><td>F4002696A847451515CF57378C095FF2434052C7F3A1324D31D7ED34EB601EE3</td></tr><tr><td>IE9-Windows6.0-KB4519974-X64.msu</td><td>46076D619B21A10AB31199FD5422B11C2C2757DC</td><td>886947E2377A280474DB0EFB765D6497999759E0AC779CCE16547E5084750EE6</td></tr></tbody></table></td></tr></tbody></table><h3>File attributes</h3><p><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.</span></p><p><strong>Note</strong>\u00a0The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</p><h4>Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2</h4><p><strong>Internet Explorer 11</strong></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">Internet Explorer 11 on all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Actxprxy.dll</td><td>6.3.9600.19301</td><td>1,049,600</td><td>26-Feb-2019</td><td>06:20</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Hlink.dll</td><td>6.3.9600.19101</td><td>99,328</td><td>19-Jul-2018</td><td>03:55</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pngfilt.dll</td><td>11.0.9600.17416</td><td>57,344</td><td>31-Oct-2014</td><td>03:26</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,331,712</td><td>28-Sep-2019</td><td>05:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19036</td><td>817,296</td><td>25-May-2018</td><td>05:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininetplugin.dll</td><td>6.3.9600.17416</td><td>35,328</td><td>31-Oct-2014</td><td>03:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>46,592</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>56,320</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>57,856</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>19:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>47,616</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,152</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>55,296</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>45,056</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>39,424</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>35,840</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,760</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>20:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>20:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>20:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Html.iec</td><td>2019.0.0.18895</td><td>341,504</td><td>02-Jan-2018</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,058,752</td><td>28-Sep-2019</td><td>05:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>307,200</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,888</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,304</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,008</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>303,104</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>03:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>283,648</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>291,840</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,520</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>275,968</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,376</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>258,048</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>256,512</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>288,256</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>285,184</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>297,472</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>07:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,208</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>281,600</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,720</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,352</td><td>10-Jul-2019</td><td>04:42</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>242,176</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,728</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>08:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>78,848</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>02:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,752</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>62,464</td><td>16-Aug-2014</td><td>08:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>75,264</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>08:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,216</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>41,472</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>37,888</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>70,656</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,632</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>08:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.19502</td><td>68,096</td><td>28-Sep-2019</td><td>07:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>59,904</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,120</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>29,696</td><td>16-Aug-2014</td><td>08:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Javascriptcollectionagent.dll</td><td>11.0.9600.17416</td><td>60,416</td><td>31-Oct-2014</td><td>02:57</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.scriptedsandboxplugin.dll</td><td>11.0.9600.17905</td><td>230,400</td><td>15-Jun-2015</td><td>20:50</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>46,080</td><td>11-Jun-2016</td><td>20:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,712</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>54,272</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>18:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>45,056</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,936</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,424</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,200</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:05</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.17416</td><td>47,104</td><td>31-Oct-2014</td><td>03:16</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,387,840</td><td>28-Sep-2019</td><td>05:18</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,176</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>124,928</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,880</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,048</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>138,240</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,688</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18666</td><td>114,688</td><td>16-Apr-2017</td><td>08:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>131,584</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>117,760</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,368</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>134,144</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>107,008</td><td>07-Sep-2017</td><td>21:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>123,392</td><td>14-Oct-2017</td><td>08:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>127,488</td><td>07-Sep-2017</td><td>21:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,512</td><td>07-Sep-2017</td><td>21:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>88,064</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>82,944</td><td>14-Oct-2017</td><td>08:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,392</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>120,320</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,952</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,000</td><td>07-Sep-2017</td><td>22:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>121,856</td><td>07-Sep-2017</td><td>20:56</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>115,712</td><td>07-Sep-2017</td><td>21:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>74,752</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieui.dll</td><td>11.0.9600.18895</td><td>476,160</td><td>02-Jan-2018</td><td>04:44</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedkcs32.dll</td><td>18.0.9600.19404</td><td>333,312</td><td>10-Jul-2019</td><td>02:38</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Install.ins</td><td>Not applicable</td><td>464</td><td>28-Sep-2019</td><td>03:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dat</td><td>10.0.9301.0</td><td>616,104</td><td>24-Sep-2013</td><td>02:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dll</td><td>11.0.9600.19502</td><td>710,144</td><td>28-Sep-2019</td><td>05:13</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iepeers.dll</td><td>11.0.9600.19502</td><td>128,000</td><td>28-Sep-2019</td><td>05:45</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Licmgr10.dll</td><td>11.0.9600.17416</td><td>27,136</td><td>31-Oct-2014</td><td>03:03</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Tdc.ocx</td><td>11.0.9600.18666</td><td>73,216</td><td>16-Apr-2017</td><td>07:29</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.datawarehouse.dll</td><td>11.0.9600.18895</td><td>489,472</td><td>02-Jan-2018</td><td>04:55</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedvtool.dll</td><td>11.0.9600.19502</td><td>772,608</td><td>28-Sep-2019</td><td>06:30</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub_is.dll</td><td>11.0.9600.17416</td><td>37,888</td><td>31-Oct-2014</td><td>03:29</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtmsft.dll</td><td>11.0.9600.18895</td><td>416,256</td><td>02-Jan-2018</td><td>04:34</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtrans.dll</td><td>11.0.9600.19502</td><td>279,040</td><td>28-Sep-2019</td><td>05:44</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-f12-provider.ptxml</td><td>Not applicable</td><td>11,892</td><td>15-Aug-2014</td><td>22:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>02:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.19502</td><td>4,096</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>08:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>08:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticstap.dll</td><td>11.0.9600.17905</td><td>174,592</td><td>15-Jun-2015</td><td>20:52</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll</td><td>11.0.9600.18939</td><td>10,948,096</td><td>10-Feb-2018</td><td>17:17</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>F12tools.dll</td><td>11.0.9600.17905</td><td>255,488</td><td>15-Jun-2015</td><td>20:51</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll</td><td>11.0.9600.19502</td><td>1,206,272</td><td>28-Sep-2019</td><td>05:42</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.dll</td><td>11.0.9600.19502</td><td>696,320</td><td>28-Sep-2019</td><td>05:36</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.mof</td><td>Not applicable</td><td>1,518</td><td>06-Feb-2014</td><td>05:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.dll</td><td>11.0.9600.17416</td><td>52,736</td><td>31-Oct-2014</td><td>02:53</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.mof</td><td>Not applicable</td><td>1,574</td><td>21-Aug-2013</td><td>23:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedssync.exe</td><td>11.0.9600.17416</td><td>11,264</td><td>31-Oct-2014</td><td>03:25</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshta.exe</td><td>11.0.9600.17416</td><td>12,800</td><td>31-Oct-2014</td><td>03:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmled.dll</td><td>11.0.9600.19404</td><td>76,288</td><td>10-Jul-2019</td><td>02:48</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>06-Feb-2014</td><td>05:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>20,290,048</td><td>28-Sep-2019</td><td>06:30</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.16518</td><td>2,724,864</td><td>06-Feb-2014</td><td>10:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieadvpack.dll</td><td>11.0.9600.17416</td><td>112,128</td><td>31-Oct-2014</td><td>03:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollector.exe</td><td>11.0.9600.18666</td><td>104,960</td><td>16-Apr-2017</td><td>07:47</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollectorres.dll</td><td>11.0.9600.16518</td><td>4,096</td><td>06-Feb-2014</td><td>10:19</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwproxystub.dll</td><td>11.0.9600.17416</td><td>47,616</td><td>31-Oct-2014</td><td>03:23</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ielowutil.exe</td><td>11.0.9600.19404</td><td>221,184</td><td>10-Jul-2019</td><td>03:06</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td><td>301,056</td><td>28-Sep-2019</td><td>05:10</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieshims.dll</td><td>11.0.9600.19502</td><td>290,304</td><td>28-Sep-2019</td><td>05:16</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexpress.exe</td><td>11.0.9600.17416</td><td>152,064</td><td>31-Oct-2014</td><td>03:27</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wextract.exe</td><td>11.0.9600.17416</td><td>137,728</td><td>31-Oct-2014</td><td>03:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Imgutil.dll</td><td>11.0.9600.17416</td><td>40,448</td><td>31-Oct-2014</td><td>02:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Extexport.exe</td><td>11.0.9600.17416</td><td>25,600</td><td>31-Oct-2014</td><td>03:20</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Bing.ico</td><td>Not applicable</td><td>5,430</td><td>24-Sep-2013</td><td>02:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieunatt.exe</td><td>11.0.9600.17416</td><td>115,712</td><td>31-Oct-2014</td><td>03:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-internetexplorer-ppdlic.xrm-ms</td><td>Not applicable</td><td>2,956</td><td>28-Sep-2019</td><td>07:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows feed discovered.wav</td><td>Not applicable</td><td>19,884</td><td>24-Sep-2013</td><td>02:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows information bar.wav</td><td>Not applicable</td><td>23,308</td><td>24-Sep-2013</td><td>02:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows navigation start.wav</td><td>Not applicable</td><td>11,340</td><td>24-Sep-2013</td><td>02:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows pop-up blocked.wav</td><td>Not applicable</td><td>85,548</td><td>24-Sep-2013</td><td>02:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsdbgui.dll</td><td>11.0.9600.18895</td><td>459,776</td><td>02-Jan-2018</td><td>04:27</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsprofilerui.dll</td><td>11.0.9600.18895</td><td>579,584</td><td>02-Jan-2018</td><td>04:27</td><td>x86</td><td>SPR</td><td>X86_MICROSOFT-WINDOWS-IE-JSP</td></tr><tr><td>Memoryanalyzer.dll</td><td>11.0.9600.19178</td><td>1,399,296</td><td>12-Oct-2018</td><td>20:16</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmldac.dll</td><td>11.0.9600.19502</td><td>64,000</td><td>28-Sep-2019</td><td>06:10</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Networkinspection.dll</td><td>11.0.9600.19404</td><td>1,075,200</td><td>10-Jul-2019</td><td>02:45</td><td>x86</td><td>SPE</td><td>X86_MICROSOFT-WINDOWS-IE-NETWORKINSP</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>12:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Occache.dll</td><td>11.0.9600.17416</td><td>130,048</td><td>31-Oct-2014</td><td>02:48</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>12:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Webcheck.dll</td><td>11.0.9600.19502</td><td>230,400</td><td>28-Sep-2019</td><td>05:38</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msdbg2.dll</td><td>12.0.41202.0</td><td>315,008</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdm.dll</td><td>12.0.41202.0</td><td>442,992</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdmproxy100.dll</td><td>12.0.41202.0</td><td>99,984</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Icrav03.rat</td><td>Not applicable</td><td>8,798</td><td>24-Sep-2013</td><td>02:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msrating.dll</td><td>11.0.9600.19502</td><td>168,960</td><td>28-Sep-2019</td><td>05:46</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ticrf.rat</td><td>Not applicable</td><td>1,988</td><td>24-Sep-2013</td><td>02:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iertutil.dll</td><td>11.0.9600.19502</td><td>2,302,464</td><td>28-Sep-2019</td><td>06:09</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ie4uinit.exe</td><td>11.0.9600.19502</td><td>692,224</td><td>28-Sep-2019</td><td>05:36</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iernonce.dll</td><td>11.0.9600.17416</td><td>30,720</td><td>31-Oct-2014</td><td>03:15</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesetup.dll</td><td>11.0.9600.17416</td><td>62,464</td><td>31-Oct-2014</td><td>03:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inseng.dll</td><td>11.0.9600.17416</td><td>91,136</td><td>31-Oct-2014</td><td>02:56</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesysprep.dll</td><td>11.0.9600.17416</td><td>90,624</td><td>31-Oct-2014</td><td>02:56</td><td>x86</td><td>SPR</td><td>X86_MICROSOFT-WINDOWS-IE-SYSP</td></tr><tr><td>Timeline.dll</td><td>11.0.9600.17416</td><td>153,600</td><td>31-Oct-2014</td><td>02:55</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline.cpu.xml</td><td>Not applicable</td><td>3,197</td><td>24-Jul-2014</td><td>19:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline_is.dll</td><td>11.0.9600.17416</td><td>124,416</td><td>31-Oct-2014</td><td>03:15</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Vgx.dll</td><td>11.0.9600.19502</td><td>817,664</td><td>28-Sep-2019</td><td>05:46</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Url.dll</td><td>11.0.9600.17416</td><td>235,520</td><td>31-Oct-2014</td><td>03:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,673,728</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,728,000</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,432</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,670,656</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,921,536</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,997,312</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,640,960</td><td>28-Sep-2019</td><td>07:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,639,936</td><td>10-Jul-2019</td><td>03:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,880</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,863,168</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,668,608</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,800</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,627,136</td><td>28-Sep-2019</td><td>07:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,678,336</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,690,112</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,368</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,777,664</td><td>28-Sep-2019</td><td>07:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,761,280</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,899,008</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,890,816</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,658,880</td><td>10-Jul-2019</td><td>04:56</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,908,736</td><td>28-Sep-2019</td><td>07:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,700,352</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,944</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,906,176</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,701,888</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,924,096</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,912,320</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,893,376</td><td>28-Sep-2019</td><td>07:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,667,072</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,922,560</td><td>28-Sep-2019</td><td>07:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,288</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,705,472</td><td>28-Sep-2019</td><td>07:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll</td><td>11.0.9600.19502</td><td>13,808,128</td><td>28-Sep-2019</td><td>05:33</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.ptxml</td><td>Not applicable</td><td>24,486</td><td>06-Feb-2014</td><td>05:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieinstal.exe</td><td>11.0.9600.18921</td><td>475,648</td><td>10-Feb-2018</td><td>05:35</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,916</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>494,286</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>546,719</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>935,931</td><td>28-Sep-2019</td><td>07:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>28-Sep-2019</td><td>06:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>538,482</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,946</td><td>28-Sep-2019</td><td>07:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>570,169</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>564,915</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>542,763</td><td>28-Sep-2019</td><td>07:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>632,836</td><td>28-Sep-2019</td><td>07:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,065</td><td>28-Sep-2019</td><td>07:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>483,289</td><td>28-Sep-2019</td><td>07:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>543,188</td><td>28-Sep-2019</td><td>07:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>553,376</td><td>28-Sep-2019</td><td>07:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>529,666</td><td>28-Sep-2019</td><td>07:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>536,163</td><td>28-Sep-2019</td><td>07:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>796,921</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>498,717</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>516,048</td><td>28-Sep-2019</td><td>07:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>415,256</td><td>28-Sep-2019</td><td>07:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.admx</td><td>Not applicable</td><td>1,672,213</td><td>28-Sep-2019</td><td>03:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcomm.dll</td><td>6.3.9600.19502</td><td>880,640</td><td>28-Sep-2019</td><td>05:41</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.dll</td><td>6.3.9600.16384</td><td>84,480</td><td>22-Aug-2013</td><td>04:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9.dll</td><td>11.0.9600.19502</td><td>4,112,384</td><td>28-Sep-2019</td><td>05:39</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9diag.dll</td><td>11.0.9600.19101</td><td>620,032</td><td>19-Jul-2018</td><td>03:54</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript.dll</td><td>5.8.9600.19502</td><td>659,968</td><td>28-Sep-2019</td><td>06:02</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Vbscript.dll</td><td>5.8.9600.19502</td><td>496,128</td><td>28-Sep-2019</td><td>06:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">Internet Explorer 11 on all supported ARM-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Actxprxy.dll</td><td>6.3.9600.19301</td><td>1,064,960</td><td>26-Feb-2019</td><td>05:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Hlink.dll</td><td>6.3.9600.19101</td><td>68,608</td><td>19-Jul-2018</td><td>03:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Pngfilt.dll</td><td>11.0.9600.16384</td><td>47,616</td><td>22-Aug-2013</td><td>03:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,037,824</td><td>28-Sep-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19502</td><td>807,816</td><td>28-Sep-2019</td><td>06:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininetplugin.dll</td><td>6.3.9600.16384</td><td>33,792</td><td>22-Aug-2013</td><td>02:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>46,592</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>56,320</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>57,856</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>18:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>47,616</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,152</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>55,296</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>45,056</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>39,424</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>35,840</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,760</td><td>12-Nov-2016</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Html.iec</td><td>2019.0.0.19301</td><td>320,000</td><td>26-Feb-2019</td><td>06:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,007,040</td><td>28-Sep-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>307,200</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,888</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,304</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,008</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>303,104</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>282,112</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>282,112</td><td>28-Sep-2019</td><td>06:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>283,648</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>291,840</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,520</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>275,968</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,376</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>258,048</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>256,512</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>288,256</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>285,184</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>297,472</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,208</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>281,600</td><td>28-Sep-2019</td><td>06:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,720</td><td>28-Sep-2019</td><td>06:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,352</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>242,176</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,728</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>78,848</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>01:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,752</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>62,464</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>75,264</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>11:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,216</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>41,472</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>37,888</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>70,656</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,632</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.19502</td><td>68,096</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>59,904</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,120</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>29,696</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Javascriptcollectionagent.dll</td><td>11.0.9600.17416</td><td>63,488</td><td>31-Oct-2014</td><td>02:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.scriptedsandboxplugin.dll</td><td>11.0.9600.17905</td><td>215,552</td><td>15-Jun-2015</td><td>19:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>46,080</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,712</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>54,272</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>17:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>45,056</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>19:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,936</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,424</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,200</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>19:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>19:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.17416</td><td>39,936</td><td>31-Oct-2014</td><td>02:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,147,712</td><td>28-Sep-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,176</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>124,928</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,880</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,048</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>138,240</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,688</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18698</td><td>114,688</td><td>14-May-2017</td><td>19:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>131,584</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>117,760</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,368</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>134,144</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>107,008</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>123,392</td><td>14-Oct-2017</td><td>07:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>127,488</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,512</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>88,064</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>82,944</td><td>14-Oct-2017</td><td>07:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,392</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>120,320</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,952</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,000</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>121,856</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>115,712</td><td>07-Sep-2017</td><td>22:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>22:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>74,752</td><td>07-Sep-2017</td><td>22:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>22:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>22:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieui.dll</td><td>11.0.9600.19101</td><td>427,520</td><td>19-Jul-2018</td><td>03:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedkcs32.dll</td><td>18.0.9600.19502</td><td>292,864</td><td>28-Sep-2019</td><td>05:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Install.ins</td><td>Not applicable</td><td>464</td><td>28-Sep-2019</td><td>03:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dat</td><td>10.0.9301.0</td><td>616,104</td><td>24-Sep-2013</td><td>02:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dll</td><td>11.0.9600.19502</td><td>548,352</td><td>28-Sep-2019</td><td>04:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iepeers.dll</td><td>11.0.9600.19502</td><td>107,008</td><td>28-Sep-2019</td><td>05:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Licmgr10.dll</td><td>11.0.9600.17416</td><td>23,552</td><td>31-Oct-2014</td><td>02:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Tdc.ocx</td><td>11.0.9600.18698</td><td>61,952</td><td>14-May-2017</td><td>18:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.datawarehouse.dll</td><td>11.0.9600.17416</td><td>495,616</td><td>31-Oct-2014</td><td>02:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedvtool.dll</td><td>11.0.9600.19502</td><td>726,016</td><td>28-Sep-2019</td><td>05:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub_is.dll</td><td>11.0.9600.17416</td><td>38,912</td><td>31-Oct-2014</td><td>02:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtmsft.dll</td><td>11.0.9600.18052</td><td>368,640</td><td>10-Sep-2015</td><td>15:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtrans.dll</td><td>11.0.9600.19502</td><td>221,696</td><td>28-Sep-2019</td><td>05:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-f12-provider.ptxml</td><td>Not applicable</td><td>11,892</td><td>15-Aug-2014</td><td>22:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>01:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.19502</td><td>4,096</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticstap.dll</td><td>11.0.9600.19180</td><td>174,592</td><td>18-Oct-2018</td><td>03:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll</td><td>11.0.9600.17496</td><td>10,948,608</td><td>22-Nov-2014</td><td>01:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12tools.dll</td><td>11.0.9600.19502</td><td>263,168</td><td>28-Sep-2019</td><td>05:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll</td><td>11.0.9600.19502</td><td>1,184,256</td><td>28-Sep-2019</td><td>05:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.dll</td><td>11.0.9600.19502</td><td>587,264</td><td>28-Sep-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.mof</td><td>Not applicable</td><td>1,518</td><td>06-Feb-2014</td><td>05:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.dll</td><td>11.0.9600.17416</td><td>43,008</td><td>31-Oct-2014</td><td>02:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.mof</td><td>Not applicable</td><td>1,574</td><td>21-Aug-2013</td><td>23:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedssync.exe</td><td>11.0.9600.16384</td><td>11,776</td><td>22-Aug-2013</td><td>03:05</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmled.dll</td><td>11.0.9600.19502</td><td>73,216</td><td>28-Sep-2019</td><td>05:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>06-Feb-2014</td><td>05:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>16,227,840</td><td>28-Sep-2019</td><td>05:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.16518</td><td>2,724,864</td><td>06-Feb-2014</td><td>09:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieadvpack.dll</td><td>11.0.9600.16384</td><td>98,816</td><td>22-Aug-2013</td><td>02:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollector.exe</td><td>11.0.9600.18658</td><td>98,816</td><td>05-Apr-2017</td><td>17:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollectorres.dll</td><td>11.0.9600.16518</td><td>4,096</td><td>06-Feb-2014</td><td>09:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwproxystub.dll</td><td>11.0.9600.16518</td><td>43,008</td><td>06-Feb-2014</td><td>09:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ielowutil.exe</td><td>11.0.9600.17031</td><td>222,208</td><td>22-Feb-2014</td><td>09:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td><td>297,472</td><td>28-Sep-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieshims.dll</td><td>11.0.9600.19502</td><td>268,800</td><td>28-Sep-2019</td><td>05:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Imgutil.dll</td><td>11.0.9600.18123</td><td>35,328</td><td>08-Nov-2015</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Bing.ico</td><td>Not applicable</td><td>5,430</td><td>24-Sep-2013</td><td>02:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieunatt.exe</td><td>11.0.9600.16518</td><td>112,128</td><td>06-Feb-2014</td><td>09:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-internetexplorer-ppdlic.xrm-ms</td><td>Not applicable</td><td>2,956</td><td>28-Sep-2019</td><td>06:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows feed discovered.wav</td><td>Not applicable</td><td>19,884</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows information bar.wav</td><td>Not applicable</td><td>23,308</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows navigation start.wav</td><td>Not applicable</td><td>11,340</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows pop-up blocked.wav</td><td>Not applicable</td><td>85,548</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsdbgui.dll</td><td>11.0.9600.17905</td><td>457,216</td><td>15-Jun-2015</td><td>19:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsprofilerui.dll</td><td>11.0.9600.19502</td><td>574,976</td><td>28-Sep-2019</td><td>05:23</td><td>Not applicable</td><td>SPR</td><td>ARM_MICROSOFT-WINDOWS-IE-JSP</td></tr><tr><td>Memoryanalyzer.dll</td><td>11.0.9600.17905</td><td>1,934,848</td><td>15-Jun-2015</td><td>20:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmldac.dll</td><td>11.0.9600.19502</td><td>60,928</td><td>28-Sep-2019</td><td>05:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Networkinspection.dll</td><td>11.0.9600.19400</td><td>1,105,408</td><td>18-Jun-2019</td><td>02:49</td><td>Not applicable</td><td>SPE</td><td>ARM_MICROSOFT-WINDOWS-IE-NETWORKINSP</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>14:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Occache.dll</td><td>11.0.9600.19502</td><td>121,856</td><td>28-Sep-2019</td><td>05:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>14:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Webcheck.dll</td><td>11.0.9600.19502</td><td>201,216</td><td>28-Sep-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msdbg2.dll</td><td>12.0.20712.1</td><td>295,320</td><td>26-Jul-2013</td><td>17:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdm.dll</td><td>12.0.20712.1</td><td>420,752</td><td>26-Jul-2013</td><td>17:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdmproxy100.dll</td><td>12.0.20712.1</td><td>76,712</td><td>26-Jul-2013</td><td>17:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Icrav03.rat</td><td>Not applicable</td><td>8,798</td><td>24-Sep-2013</td><td>02:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msrating.dll</td><td>11.0.9600.17905</td><td>157,184</td><td>15-Jun-2015</td><td>19:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ticrf.rat</td><td>Not applicable</td><td>1,988</td><td>24-Sep-2013</td><td>02:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iertutil.dll</td><td>11.0.9600.19502</td><td>2,180,608</td><td>28-Sep-2019</td><td>05:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ie4uinit.exe</td><td>11.0.9600.19502</td><td>677,888</td><td>28-Sep-2019</td><td>05:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iernonce.dll</td><td>11.0.9600.16518</td><td>28,160</td><td>06-Feb-2014</td><td>09:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesetup.dll</td><td>11.0.9600.16518</td><td>59,904</td><td>06-Feb-2014</td><td>09:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inseng.dll</td><td>11.0.9600.16384</td><td>77,312</td><td>22-Aug-2013</td><td>02:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesysprep.dll</td><td>11.0.9600.17416</td><td>87,552</td><td>31-Oct-2014</td><td>02:28</td><td>Not applicable</td><td>SPR</td><td>ARM_MICROSOFT-WINDOWS-IE-SYSP</td></tr><tr><td>Timeline.dll</td><td>11.0.9600.19502</td><td>155,136</td><td>28-Sep-2019</td><td>05:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline.cpu.xml</td><td>Not applicable</td><td>3,197</td><td>24-Jul-2014</td><td>19:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline_is.dll</td><td>11.0.9600.17416</td><td>129,536</td><td>31-Oct-2014</td><td>02:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Vgx.dll</td><td>11.0.9600.19502</td><td>734,208</td><td>28-Sep-2019</td><td>05:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Url.dll</td><td>11.0.9600.17416</td><td>236,032</td><td>31-Oct-2014</td><td>02:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,673,728</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,728,000</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,682,432</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,670,656</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,921,536</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,997,312</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,640,960</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,639,936</td><td>28-Sep-2019</td><td>06:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,914,880</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,863,168</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,668,608</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,932,800</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,627,136</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,678,336</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,690,112</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,914,368</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,777,664</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,761,280</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,899,008</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,890,816</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,658,880</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,908,736</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,700,352</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,682,944</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,906,176</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,701,888</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,924,096</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,912,320</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,886,208</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,893,376</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,667,072</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,922,560</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,886,208</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,932,288</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,705,472</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,497,600</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,497,600</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll</td><td>11.0.9600.19502</td><td>12,251,136</td><td>28-Sep-2019</td><td>04:56</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.ptxml</td><td>Not applicable</td><td>24,486</td><td>06-Feb-2014</td><td>05:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,916</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>494,286</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>546,719</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>935,931</td><td>28-Sep-2019</td><td>06:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>28-Sep-2019</td><td>06:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>538,482</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,946</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>570,169</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>564,915</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>542,763</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>632,836</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,065</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>483,289</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>543,188</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>553,376</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>529,666</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>536,163</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>796,921</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>498,717</td><td>28-Sep-2019</td><td>06:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>516,048</td><td>28-Sep-2019</td><td>06:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>415,256</td><td>28-Sep-2019</td><td>06:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>06:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>06:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.admx</td><td>Not applicable</td><td>1,672,213</td><td>28-Sep-2019</td><td>03:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcomm.dll</td><td>6.3.9600.19502</td><td>675,328</td><td>28-Sep-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.dll</td><td>6.3.9600.16384</td><td>84,480</td><td>22-Aug-2013</td><td>03:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9.dll</td><td>11.0.9600.19502</td><td>3,572,224</td><td>28-Sep-2019</td><td>05:05</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9diag.dll</td><td>11.0.9600.19502</td><td>557,568</td><td>28-Sep-2019</td><td>05:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript.dll</td><td>5.8.9600.19502</td><td>518,144</td><td>28-Sep-2019</td><td>05:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Vbscript.dll</td><td>5.8.9600.19502</td><td>402,944</td><td>28-Sep-2019</td><td>05:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">Internet Explorer 11 on all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Actxprxy.dll</td><td>6.3.9600.19301</td><td>2,882,048</td><td>26-Feb-2019</td><td>06:25</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Hlink.dll</td><td>6.3.9600.19101</td><td>108,544</td><td>19-Jul-2018</td><td>04:22</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Pngfilt.dll</td><td>11.0.9600.17416</td><td>64,512</td><td>31-Oct-2014</td><td>05:09</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,566,208</td><td>28-Sep-2019</td><td>05:31</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19036</td><td>817,296</td><td>25-May-2018</td><td>06:30</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininetplugin.dll</td><td>6.3.9600.17416</td><td>43,008</td><td>31-Oct-2014</td><td>04:51</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>46,592</td><td>12-Nov-2016</td><td>21:35</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>56,320</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>57,856</td><td>13-Nov-2016</td><td>00:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>23:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>13-Nov-2016</td><td>00:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>47,616</td><td>12-Nov-2016</td><td>23:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,152</td><td>12-Nov-2016</td><td>23:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>55,296</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>45,056</td><td>13-Nov-2016</td><td>00:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>23:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>23:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>39,424</td><td>12-Nov-2016</td><td>21:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>35,840</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,760</td><td>12-Nov-2016</td><td>21:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Html.iec</td><td>2019.0.0.19301</td><td>417,280</td><td>26-Feb-2019</td><td>07:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,132,992</td><td>28-Sep-2019</td><td>05:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>307,200</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,888</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,304</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>05:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,008</td><td>10-Jul-2019</td><td>05:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>303,104</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>04:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>283,648</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>291,840</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,520</td><td>10-Jul-2019</td><td>05:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>275,968</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,376</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>07:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>258,048</td><td>10-Jul-2019</td><td>07:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>256,512</td><td>10-Jul-2019</td><td>07:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>07:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>288,256</td><td>10-Jul-2019</td><td>07:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>285,184</td><td>10-Jul-2019</td><td>07:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>07:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>297,472</td><td>10-Jul-2019</td><td>07:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>05:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,208</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>281,600</td><td>10-Jul-2019</td><td>05:06</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,720</td><td>10-Jul-2019</td><td>05:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,352</td><td>10-Jul-2019</td><td>05:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>242,176</td><td>10-Jul-2019</td><td>05:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>05:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,728</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>12:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>78,848</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>61,440</td><td>16-Aug-2014</td><td>03:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,752</td><td>16-Aug-2014</td><td>12:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>62,464</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>12:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>75,264</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>73,216</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>41,472</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>37,888</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>67,584</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>74,240</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>70,656</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,680</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>71,168</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,632</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>68,608</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.19502</td><td>68,096</td><td>28-Sep-2019</td><td>08:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>59,904</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>65,536</td><td>16-Aug-2014</td><td>12:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>69,120</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>29,696</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll.mui</td><td>11.0.9600.17278</td><td>30,720</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Javascriptcollectionagent.dll</td><td>11.0.9600.17416</td><td>77,824</td><td>31-Oct-2014</td><td>04:30</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.scriptedsandboxplugin.dll</td><td>11.0.9600.18895</td><td>276,480</td><td>02-Jan-2018</td><td>05:02</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>46,080</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,712</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>54,272</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:08</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>45,056</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,936</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,424</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,200</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>20:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>28-Sep-2019</td><td>08:57</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>20:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>20:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>20:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.17416</td><td>54,784</td><td>31-Oct-2014</td><td>04:57</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,859,904</td><td>28-Sep-2019</td><td>05:42</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,176</td><td>08-Sep-2017</td><td>00:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>08-Sep-2017</td><td>00:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>124,928</td><td>08-Sep-2017</td><td>00:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,880</td><td>08-Sep-2017</td><td>00:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,048</td><td>08-Sep-2017</td><td>00:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>138,240</td><td>08-Sep-2017</td><td>00:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,688</td><td>08-Sep-2017</td><td>00:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18666</td><td>114,688</td><td>16-Apr-2017</td><td>09:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>131,584</td><td>08-Sep-2017</td><td>00:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>117,760</td><td>08-Sep-2017</td><td>00:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,368</td><td>08-Sep-2017</td><td>00:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>134,144</td><td>08-Sep-2017</td><td>00:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>107,008</td><td>08-Sep-2017</td><td>00:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>123,392</td><td>14-Oct-2017</td><td>09:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>127,488</td><td>08-Sep-2017</td><td>00:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,512</td><td>08-Sep-2017</td><td>00:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>88,064</td><td>08-Sep-2017</td><td>00:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>82,944</td><td>14-Oct-2017</td><td>09:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>08-Sep-2017</td><td>00:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,392</td><td>08-Sep-2017</td><td>00:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>120,320</td><td>08-Sep-2017</td><td>00:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>08-Sep-2017</td><td>00:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>08-Sep-2017</td><td>00:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,952</td><td>07-Sep-2017</td><td>23:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>23:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,000</td><td>07-Sep-2017</td><td>23:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>23:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>23:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>23:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>121,856</td><td>07-Sep-2017</td><td>23:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>115,712</td><td>07-Sep-2017</td><td>23:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>23:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>23:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>74,752</td><td>07-Sep-2017</td><td>23:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>08-Sep-2017</td><td>00:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>08-Sep-2017</td><td>00:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieui.dll</td><td>11.0.9600.19463</td><td>615,936</td><td>27-Aug-2019</td><td>03:17</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedkcs32.dll</td><td>18.0.9600.19502</td><td>381,952</td><td>28-Sep-2019</td><td>05:57</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Install.ins</td><td>Not applicable</td><td>464</td><td>28-Sep-2019</td><td>03:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dat</td><td>10.0.9301.0</td><td>616,104</td><td>24-Sep-2013</td><td>02:22</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dll</td><td>11.0.9600.19502</td><td>800,768</td><td>28-Sep-2019</td><td>05:20</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iepeers.dll</td><td>11.0.9600.19502</td><td>145,408</td><td>28-Sep-2019</td><td>06:10</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Licmgr10.dll</td><td>11.0.9600.17416</td><td>33,280</td><td>31-Oct-2014</td><td>04:40</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Tdc.ocx</td><td>11.0.9600.18666</td><td>87,552</td><td>16-Apr-2017</td><td>08:10</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub.datawarehouse.dll</td><td>11.0.9600.18895</td><td>666,624</td><td>02-Jan-2018</td><td>05:32</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedvtool.dll</td><td>11.0.9600.19502</td><td>950,784</td><td>28-Sep-2019</td><td>07:11</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticshub_is.dll</td><td>11.0.9600.17416</td><td>49,664</td><td>31-Oct-2014</td><td>05:13</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtmsft.dll</td><td>11.0.9600.18895</td><td>489,984</td><td>02-Jan-2018</td><td>05:06</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtrans.dll</td><td>11.0.9600.19502</td><td>315,392</td><td>28-Sep-2019</td><td>06:10</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Escmigplugin.dll</td><td>11.0.9600.19326</td><td>123,904</td><td>26-Mar-2019</td><td>05:38</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Escunattend.exe</td><td>11.0.9600.19326</td><td>87,040</td><td>26-Mar-2019</td><td>05:54</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-f12-provider.ptxml</td><td>Not applicable</td><td>11,892</td><td>15-Aug-2014</td><td>22:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>03:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:01</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.19502</td><td>4,096</td><td>28-Sep-2019</td><td>08:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>4,096</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>12:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll.mui</td><td>11.0.9600.17278</td><td>3,584</td><td>16-Aug-2014</td><td>11:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticstap.dll</td><td>11.0.9600.18895</td><td>244,224</td><td>02-Jan-2018</td><td>05:04</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>F12resources.dll</td><td>11.0.9600.17496</td><td>10,949,120</td><td>22-Nov-2014</td><td>03:00</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>F12tools.dll</td><td>11.0.9600.19502</td><td>372,224</td><td>28-Sep-2019</td><td>06:20</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>F12.dll</td><td>11.0.9600.19502</td><td>1,421,312</td><td>28-Sep-2019</td><td>06:06</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.dll</td><td>11.0.9600.19502</td><td>809,472</td><td>28-Sep-2019</td><td>05:57</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.mof</td><td>Not applicable</td><td>1,518</td><td>06-Feb-2014</td><td>05:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.dll</td><td>11.0.9600.17416</td><td>60,416</td><td>31-Oct-2014</td><td>04:24</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.mof</td><td>Not applicable</td><td>1,574</td><td>22-Aug-2013</td><td>06:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedssync.exe</td><td>11.0.9600.17416</td><td>12,800</td><td>31-Oct-2014</td><td>05:08</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshta.exe</td><td>11.0.9600.17416</td><td>13,824</td><td>31-Oct-2014</td><td>05:12</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmled.dll</td><td>11.0.9600.19502</td><td>92,160</td><td>28-Sep-2019</td><td>06:12</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>06-Feb-2014</td><td>05:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>25,752,576</td><td>28-Sep-2019</td><td>07:11</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.16518</td><td>2,724,864</td><td>06-Feb-2014</td><td>11:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieadvpack.dll</td><td>11.0.9600.17416</td><td>132,096</td><td>31-Oct-2014</td><td>04:54</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollector.exe</td><td>11.0.9600.18895</td><td>116,224</td><td>02-Jan-2018</td><td>05:17</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwcollectorres.dll</td><td>11.0.9600.16518</td><td>4,096</td><td>06-Feb-2014</td><td>11:30</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwproxystub.dll</td><td>11.0.9600.18895</td><td>48,640</td><td>02-Jan-2018</td><td>05:28</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ielowutil.exe</td><td>11.0.9600.17416</td><td>222,720</td><td>31-Oct-2014</td><td>04:55</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td><td>805,376</td><td>28-Sep-2019</td><td>05:16</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieshims.dll</td><td>11.0.9600.19404</td><td>386,560</td><td>10-Jul-2019</td><td>02:24</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexpress.exe</td><td>11.0.9600.17416</td><td>167,424</td><td>31-Oct-2014</td><td>05:10</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Wextract.exe</td><td>11.0.9600.17416</td><td>143,872</td><td>31-Oct-2014</td><td>05:12</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Imgutil.dll</td><td>11.0.9600.17416</td><td>51,200</td><td>31-Oct-2014</td><td>03:42</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Bing.ico</td><td>Not applicable</td><td>5,430</td><td>24-Sep-2013</td><td>02:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieunatt.exe</td><td>11.0.9600.17416</td><td>144,384</td><td>31-Oct-2014</td><td>04:51</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-internetexplorer-ppdlic.xrm-ms</td><td>Not applicable</td><td>2,956</td><td>28-Sep-2019</td><td>07:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows feed discovered.wav</td><td>Not applicable</td><td>19,884</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows information bar.wav</td><td>Not applicable</td><td>23,308</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows navigation start.wav</td><td>Not applicable</td><td>11,340</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Windows pop-up blocked.wav</td><td>Not applicable</td><td>85,548</td><td>24-Sep-2013</td><td>03:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsdbgui.dll</td><td>11.0.9600.19404</td><td>591,360</td><td>10-Jul-2019</td><td>03:12</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsprofilerui.dll</td><td>11.0.9600.18895</td><td>628,736</td><td>02-Jan-2018</td><td>04:56</td><td>x64</td><td>SPR</td><td>AMD64_MICROSOFT-WINDOWS-IE-JSP</td></tr><tr><td>Memoryanalyzer.dll</td><td>11.0.9600.19178</td><td>1,862,144</td><td>12-Oct-2018</td><td>01:58</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmldac.dll</td><td>11.0.9600.19502</td><td>88,064</td><td>28-Sep-2019</td><td>06:44</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Networkinspection.dll</td><td>11.0.9600.19502</td><td>1,217,024</td><td>28-Sep-2019</td><td>06:07</td><td>x64</td><td>SPE</td><td>AMD64_MICROSOFT-WINDOWS-IE-NETWORKINSP</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>14:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Occache.dll</td><td>11.0.9600.17416</td><td>152,064</td><td>31-Oct-2014</td><td>04:19</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Desktop.ini</td><td>Not applicable</td><td>65</td><td>18-Jun-2013</td><td>14:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Webcheck.dll</td><td>11.0.9600.19502</td><td>262,144</td><td>28-Sep-2019</td><td>05:59</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Msdbg2.dll</td><td>12.0.41202.0</td><td>403,592</td><td>30-Sep-2014</td><td>23:01</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdm.dll</td><td>12.0.41202.0</td><td>579,192</td><td>30-Sep-2014</td><td>23:01</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdmproxy100.dll</td><td>12.0.41202.0</td><td>107,152</td><td>30-Sep-2014</td><td>23:01</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Icrav03.rat</td><td>Not applicable</td><td>8,798</td><td>24-Sep-2013</td><td>02:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msrating.dll</td><td>11.0.9600.18895</td><td>199,680</td><td>02-Jan-2018</td><td>04:56</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ticrf.rat</td><td>Not applicable</td><td>1,988</td><td>24-Sep-2013</td><td>02:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iertutil.dll</td><td>11.0.9600.19502</td><td>2,909,184</td><td>28-Sep-2019</td><td>06:47</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ie4uinit.exe</td><td>11.0.9600.19502</td><td>728,064</td><td>28-Sep-2019</td><td>05:57</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iernonce.dll</td><td>11.0.9600.17416</td><td>34,304</td><td>31-Oct-2014</td><td>04:56</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesetup.dll</td><td>11.0.9600.17416</td><td>66,560</td><td>31-Oct-2014</td><td>05:06</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Inseng.dll</td><td>11.0.9600.19101</td><td>107,520</td><td>19-Jul-2018</td><td>04:03</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesysprep.dll</td><td>11.0.9600.17416</td><td>111,616</td><td>31-Oct-2014</td><td>04:29</td><td>x64</td><td>SPR</td><td>AMD64_MICROSOFT-WINDOWS-IE-SYSP</td></tr><tr><td>Timeline.dll</td><td>11.0.9600.17905</td><td>219,136</td><td>15-Jun-2015</td><td>22:01</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline.cpu.xml</td><td>Not applicable</td><td>3,197</td><td>24-Jul-2014</td><td>18:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Timeline_is.dll</td><td>11.0.9600.17416</td><td>171,008</td><td>31-Oct-2014</td><td>04:56</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Vgx.dll</td><td>11.0.9600.19502</td><td>1,018,368</td><td>28-Sep-2019</td><td>06:12</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Url.dll</td><td>11.0.9600.17416</td><td>237,568</td><td>31-Oct-2014</td><td>05:06</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,673,728</td><td>10-Jul-2019</td><td>05:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,728,000</td><td>10-Jul-2019</td><td>05:18</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,432</td><td>10-Jul-2019</td><td>05:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,670,656</td><td>10-Jul-2019</td><td>05:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,921,536</td><td>10-Jul-2019</td><td>05:19</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,997,312</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,640,960</td><td>28-Sep-2019</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,639,936</td><td>10-Jul-2019</td><td>04:33</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,880</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,863,168</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,668,608</td><td>10-Jul-2019</td><td>05:16</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,800</td><td>10-Jul-2019</td><td>05:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,627,136</td><td>28-Sep-2019</td><td>08:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,678,336</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,690,112</td><td>10-Jul-2019</td><td>05:15</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,368</td><td>10-Jul-2019</td><td>07:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,777,664</td><td>28-Sep-2019</td><td>08:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,761,280</td><td>10-Jul-2019</td><td>07:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,899,008</td><td>10-Jul-2019</td><td>07:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,890,816</td><td>10-Jul-2019</td><td>07:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,658,880</td><td>10-Jul-2019</td><td>07:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,908,736</td><td>28-Sep-2019</td><td>08:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,700,352</td><td>10-Jul-2019</td><td>07:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,944</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,906,176</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,701,888</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,924,096</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,912,320</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>05:14</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,893,376</td><td>28-Sep-2019</td><td>09:00</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,667,072</td><td>10-Jul-2019</td><td>05:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,922,560</td><td>28-Sep-2019</td><td>08:42</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>05:05</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,288</td><td>10-Jul-2019</td><td>05:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,705,472</td><td>28-Sep-2019</td><td>08:42</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>05:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>05:21</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll</td><td>11.0.9600.19502</td><td>15,413,760</td><td>28-Sep-2019</td><td>05:52</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.ptxml</td><td>Not applicable</td><td>24,486</td><td>06-Feb-2014</td><td>05:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieinstal.exe</td><td>11.0.9600.18639</td><td>492,032</td><td>25-Mar-2017</td><td>17:20</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,916</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>494,286</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>546,719</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>935,931</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>28-Sep-2019</td><td>07:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>538,482</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,946</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>570,169</td><td>28-Sep-2019</td><td>08:39</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>564,915</td><td>28-Sep-2019</td><td>08:37</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>542,763</td><td>28-Sep-2019</td><td>08:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>632,836</td><td>28-Sep-2019</td><td>08:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,065</td><td>28-Sep-2019</td><td>08:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>483,289</td><td>28-Sep-2019</td><td>08:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>543,188</td><td>28-Sep-2019</td><td>08:44</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>553,376</td><td>28-Sep-2019</td><td>08:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>529,666</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>536,163</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>796,921</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>498,717</td><td>28-Sep-2019</td><td>08:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>516,048</td><td>28-Sep-2019</td><td>08:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>415,256</td><td>28-Sep-2019</td><td>08:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>08:40</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,865</td><td>28-Sep-2019</td><td>08:38</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.admx</td><td>Not applicable</td><td>1,672,213</td><td>28-Sep-2019</td><td>03:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcomm.dll</td><td>6.3.9600.19502</td><td>1,033,216</td><td>28-Sep-2019</td><td>06:05</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.dll</td><td>6.3.9600.16384</td><td>84,480</td><td>22-Aug-2013</td><td>11:43</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9.dll</td><td>11.0.9600.19502</td><td>5,500,928</td><td>28-Sep-2019</td><td>06:33</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9diag.dll</td><td>11.0.9600.19101</td><td>814,080</td><td>19-Jul-2018</td><td>04:21</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript.dll</td><td>5.8.9600.19502</td><td>793,088</td><td>28-Sep-2019</td><td>06:33</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Vbscript.dll</td><td>5.8.9600.19502</td><td>579,584</td><td>28-Sep-2019</td><td>06:45</td><td>x64</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19036</td><td>817,296</td><td>25-May-2018</td><td>05:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Html.iec</td><td>2019.0.0.18895</td><td>341,504</td><td>02-Jan-2018</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieui.dll</td><td>11.0.9600.18895</td><td>476,160</td><td>02-Jan-2018</td><td>04:44</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iepeers.dll</td><td>11.0.9600.19502</td><td>128,000</td><td>28-Sep-2019</td><td>05:45</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Tdc.ocx</td><td>11.0.9600.18666</td><td>73,216</td><td>16-Apr-2017</td><td>07:29</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtmsft.dll</td><td>11.0.9600.18895</td><td>416,256</td><td>02-Jan-2018</td><td>04:34</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Dxtrans.dll</td><td>11.0.9600.19502</td><td>279,040</td><td>28-Sep-2019</td><td>05:44</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.dll</td><td>11.0.9600.19502</td><td>696,320</td><td>28-Sep-2019</td><td>05:36</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeeds.mof</td><td>Not applicable</td><td>1,518</td><td>06-Feb-2014</td><td>05:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshta.exe</td><td>11.0.9600.17416</td><td>12,800</td><td>31-Oct-2014</td><td>03:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtmled.dll</td><td>11.0.9600.19404</td><td>76,288</td><td>10-Jul-2019</td><td>02:48</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>20,290,048</td><td>28-Sep-2019</td><td>06:30</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.16518</td><td>2,724,864</td><td>06-Feb-2014</td><td>10:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wow64_microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>06-Feb-2014</td><td>05:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieetwproxystub.dll</td><td>11.0.9600.17416</td><td>47,616</td><td>31-Oct-2014</td><td>03:23</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieunatt.exe</td><td>11.0.9600.17416</td><td>115,712</td><td>31-Oct-2014</td><td>03:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Occache.dll</td><td>11.0.9600.17416</td><td>130,048</td><td>31-Oct-2014</td><td>02:48</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Webcheck.dll</td><td>11.0.9600.19502</td><td>230,400</td><td>28-Sep-2019</td><td>05:38</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iernonce.dll</td><td>11.0.9600.17416</td><td>30,720</td><td>31-Oct-2014</td><td>03:15</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesetup.dll</td><td>11.0.9600.17416</td><td>62,464</td><td>31-Oct-2014</td><td>03:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iesysprep.dll</td><td>11.0.9600.17416</td><td>90,624</td><td>31-Oct-2014</td><td>02:56</td><td>x86</td><td>SPR</td><td>WOW64_MICROSOFT-WINDOWS-IE-SYSP</td></tr><tr><td>Ie9props.propdesc</td><td>Not applicable</td><td>2,843</td><td>24-Sep-2013</td><td>02:34</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll</td><td>11.0.9600.19502</td><td>13,808,128</td><td>28-Sep-2019</td><td>05:33</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wow64_ieframe.ptxml</td><td>Not applicable</td><td>24,486</td><td>06-Feb-2014</td><td>05:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9.dll</td><td>11.0.9600.19502</td><td>4,112,384</td><td>28-Sep-2019</td><td>05:39</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript9diag.dll</td><td>11.0.9600.19101</td><td>620,032</td><td>19-Jul-2018</td><td>03:54</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jscript.dll</td><td>5.8.9600.19502</td><td>659,968</td><td>28-Sep-2019</td><td>06:02</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Vbscript.dll</td><td>5.8.9600.19502</td><td>496,128</td><td>28-Sep-2019</td><td>06:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Actxprxy.dll</td><td>6.3.9600.19301</td><td>1,049,600</td><td>26-Feb-2019</td><td>06:20</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Hlink.dll</td><td>6.3.9600.19101</td><td>99,328</td><td>19-Jul-2018</td><td>03:55</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pngfilt.dll</td><td>11.0.9600.17416</td><td>57,344</td><td>31-Oct-2014</td><td>03:26</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,331,712</td><td>28-Sep-2019</td><td>05:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininetplugin.dll</td><td>6.3.9600.17416</td><td>35,328</td><td>31-Oct-2014</td><td>03:12</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>46,592</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>56,320</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>57,856</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,664</td><td>12-Nov-2016</td><td>19:17</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>47,616</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>49,152</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>55,296</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>45,056</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,712</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>39,424</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>35,840</td><td>12-Nov-2016</td><td>21:32</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,760</td><td>12-Nov-2016</td><td>21:31</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>54,272</td><td>12-Nov-2016</td><td>20:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>51,200</td><td>12-Nov-2016</td><td>20:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>53,248</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>52,736</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>20:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,688</td><td>12-Nov-2016</td><td>20:27</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>50,176</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>20:28</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.18538</td><td>31,232</td><td>12-Nov-2016</td><td>21:30</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,058,752</td><td>28-Sep-2019</td><td>05:36</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>307,200</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,888</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,304</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,008</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>303,104</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>282,112</td><td>10-Jul-2019</td><td>03:58</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>283,648</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>291,840</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>299,520</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>275,968</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>293,376</td><td>10-Jul-2019</td><td>04:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>296,960</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>258,048</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>256,512</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>289,280</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>288,256</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>285,184</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>297,472</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>295,424</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>294,400</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,864</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>290,816</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>28-Sep-2019</td><td>07:48</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,208</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>281,600</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>286,720</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>292,352</td><td>10-Jul-2019</td><td>04:42</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>242,176</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19404</td><td>243,200</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Javascriptcollectionagent.dll</td><td>11.0.9600.17416</td><td>60,416</td><td>31-Oct-2014</td><td>02:57</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>46,080</td><td>11-Jun-2016</td><td>20:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,712</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>54,272</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>18:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>20:24</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>45,056</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,936</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>39,424</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>47,616</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>51,200</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,688</td><td>11-Jun-2016</td><td>19:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>50,176</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:02</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,664</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>28-Sep-2019</td><td>07:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,640</td><td>11-Jun-2016</td><td>19:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>49,152</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>48,128</td><td>11-Jun-2016</td><td>19:05</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>19:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.18378</td><td>35,328</td><td>11-Jun-2016</td><td>20:23</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.17416</td><td>47,104</td><td>31-Oct-2014</td><td>03:16</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,387,840</td><td>28-Sep-2019</td><td>05:18</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,176</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>124,928</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,880</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,048</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>138,240</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>114,688</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18666</td><td>114,688</td><td>16-Apr-2017</td><td>08:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>131,584</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>117,760</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>122,368</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>134,144</td><td>07-Sep-2017</td><td>21:12</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>107,008</td><td>07-Sep-2017</td><td>21:13</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>123,392</td><td>14-Oct-2017</td><td>08:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>127,488</td><td>07-Sep-2017</td><td>21:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,512</td><td>07-Sep-2017</td><td>21:11</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>88,064</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18838</td><td>82,944</td><td>14-Oct-2017</td><td>08:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,392</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>120,320</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>130,560</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>21:07</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,952</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>128,000</td><td>07-Sep-2017</td><td>22:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>129,024</td><td>07-Sep-2017</td><td>22:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>22:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>28-Sep-2019</td><td>07:47</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>121,856</td><td>07-Sep-2017</td><td>20:56</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>115,712</td><td>07-Sep-2017</td><td>21:03</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>123,904</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>125,440</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>74,752</td><td>07-Sep-2017</td><td>21:04</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>21:09</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.18817</td><td>75,776</td><td>07-Sep-2017</td><td>21:10</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedkcs32.dll</td><td>18.0.9600.19404</td><td>333,312</td><td>10-Jul-2019</td><td>02:38</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Install.ins</td><td>Not applicable</td><td>464</td><td>28-Sep-2019</td><td>03:46</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dat</td><td>10.0.9301.0</td><td>616,104</td><td>24-Sep-2013</td><td>02:20</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieapfltr.dll</td><td>11.0.9600.19502</td><td>710,144</td><td>28-Sep-2019</td><td>05:13</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Licmgr10.dll</td><td>11.0.9600.17416</td><td>27,136</td><td>31-Oct-2014</td><td>03:03</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iedvtool.dll</td><td>11.0.9600.19502</td><td>772,608</td><td>28-Sep-2019</td><td>06:30</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Diagnosticstap.dll</td><td>11.0.9600.17905</td><td>174,592</td><td>15-Jun-2015</td><td>20:52</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>F12tools.dll</td><td>11.0.9600.17905</td><td>255,488</td><td>15-Jun-2015</td><td>20:51</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.dll</td><td>11.0.9600.17416</td><td>52,736</td><td>31-Oct-2014</td><td>02:53</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedsbs.mof</td><td>Not applicable</td><td>1,574</td><td>21-Aug-2013</td><td>23:49</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msfeedssync.exe</td><td>11.0.9600.17416</td><td>11,264</td><td>31-Oct-2014</td><td>03:25</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieadvpack.dll</td><td>11.0.9600.17416</td><td>112,128</td><td>31-Oct-2014</td><td>03:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ielowutil.exe</td><td>11.0.9600.19404</td><td>221,184</td><td>10-Jul-2019</td><td>03:06</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td><td>301,056</td><td>28-Sep-2019</td><td>05:10</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieshims.dll</td><td>11.0.9600.19502</td><td>290,304</td><td>28-Sep-2019</td><td>05:16</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Iexpress.exe</td><td>11.0.9600.17416</td><td>152,064</td><td>31-Oct-2014</td><td>03:27</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Wextract.exe</td><td>11.0.9600.17416</td><td>137,728</td><td>31-Oct-2014</td><td>03:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Imgutil.dll</td><td>11.0.9600.17416</td><td>40,448</td><td>31-Oct-2014</td><td>02:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Extexport.exe</td><td>11.0.9600.17416</td><td>25,600</td><td>31-Oct-2014</td><td>03:20</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsdbgui.dll</td><td>11.0.9600.18895</td><td>459,776</td><td>02-Jan-2018</td><td>04:27</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Jsprofilerui.dll</td><td>11.0.9600.18895</td><td>579,584</td><td>02-Jan-2018</td><td>04:27</td><td>x86</td><td>SPR</td><td>X86_MICROSOFT-WINDOWS-IE-JSP</td></tr><tr><td>Mshtmldac.dll</td><td>11.0.9600.19502</td><td>64,000</td><td>28-Sep-2019</td><td>06:10</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Networkinspection.dll</td><td>11.0.9600.19404</td><td>1,075,200</td><td>10-Jul-2019</td><td>02:45</td><td>x86</td><td>SPE</td><td>X86_MICROSOFT-WINDOWS-IE-NETWORKINSP</td></tr><tr><td>Msdbg2.dll</td><td>12.0.41202.0</td><td>315,008</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdm.dll</td><td>12.0.41202.0</td><td>442,992</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Pdmproxy100.dll</td><td>12.0.41202.0</td><td>99,984</td><td>30-Sep-2014</td><td>23:00</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Icrav03.rat</td><td>Not applicable</td><td>8,798</td><td>24-Sep-2013</td><td>02:25</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Msrating.dll</td><td>11.0.9600.19502</td><td>168,960</td><td>28-Sep-2019</td><td>05:46</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ticrf.rat</td><td>Not applicable</td><td>1,988</td><td>24-Sep-2013</td><td>02:26</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Iertutil.dll</td><td>11.0.9600.19502</td><td>2,302,464</td><td>28-Sep-2019</td><td>06:09</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inseng.dll</td><td>11.0.9600.17416</td><td>91,136</td><td>31-Oct-2014</td><td>02:56</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Vgx.dll</td><td>11.0.9600.19502</td><td>817,664</td><td>28-Sep-2019</td><td>05:46</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Url.dll</td><td>11.0.9600.17416</td><td>235,520</td><td>31-Oct-2014</td><td>03:24</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,673,728</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,728,000</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,432</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,670,656</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,921,536</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,997,312</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,640,960</td><td>28-Sep-2019</td><td>07:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,639,936</td><td>10-Jul-2019</td><td>03:59</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,880</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,863,168</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,668,608</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,800</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,627,136</td><td>28-Sep-2019</td><td>07:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,678,336</td><td>10-Jul-2019</td><td>04:50</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,690,112</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,914,368</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,777,664</td><td>28-Sep-2019</td><td>07:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,761,280</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,899,008</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,890,816</td><td>10-Jul-2019</td><td>04:55</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,658,880</td><td>10-Jul-2019</td><td>04:56</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,908,736</td><td>28-Sep-2019</td><td>07:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,700,352</td><td>10-Jul-2019</td><td>04:54</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,682,944</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,906,176</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,701,888</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,924,096</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,912,320</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,893,376</td><td>28-Sep-2019</td><td>07:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,667,072</td><td>10-Jul-2019</td><td>04:51</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,922,560</td><td>28-Sep-2019</td><td>07:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,886,208</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,932,288</td><td>10-Jul-2019</td><td>04:43</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,705,472</td><td>28-Sep-2019</td><td>07:41</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>04:52</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19404</td><td>1,497,600</td><td>10-Jul-2019</td><td>04:53</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Ieinstal.exe</td><td>11.0.9600.18921</td><td>475,648</td><td>10-Feb-2018</td><td>05:35</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetcomm.dll</td><td>6.3.9600.19502</td><td>880,640</td><td>28-Sep-2019</td><td>05:41</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Inetres.dll</td><td>6.3.9600.16384</td><td>84,480</td><td>22-Aug-2013</td><td>04:14</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><h4>Windows Server 2012</h4><p><strong>Internet Explorer 11</strong></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">Internet Explorer 11 on all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,331,712</td><td>28-Sep-2019</td><td>05:14</td><td>x86</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19502</td><td>810,376</td><td>30-Sep-2019</td><td>02:05</td><td>x86</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>46,592</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>56,320</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>57,856</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>55,296</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>45,056</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,248</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>39,424</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>35,840</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,760</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,248</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,058,752</td><td>28-Sep-2019</td><td>05:36</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>307,200</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,888</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,304</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,008</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>303,104</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>282,112</td><td>30-Sep-2019</td><td>03:26</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>283,648</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>291,840</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,520</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>275,968</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,376</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>258,048</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>256,512</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>288,256</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>285,184</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>297,472</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>288,768</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,208</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>281,600</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,720</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,352</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>242,176</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>46,080</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>45,056</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>39,936</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>39,424</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,128</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,128</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.19502</td><td>47,104</td><td>28-Sep-2019</td><td>06:06</td><td>x86</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,387,840</td><td>28-Sep-2019</td><td>05:18</td><td>x86</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>114,176</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,560</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,928</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>122,880</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,048</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>138,240</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>114,688</td><td>30-Sep-2019</td><td>03:26</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>131,584</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>117,760</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>122,368</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>134,144</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>107,008</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,392</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>127,488</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>128,512</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>88,576</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>82,944</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,440</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,392</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>120,320</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,560</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,952</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>128,000</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>121,856</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>115,712</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,440</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>72,704</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>73,728</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>73,728</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>28-Sep-2019</td><td>03:46</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>20,290,048</td><td>28-Sep-2019</td><td>06:30</td><td>x86</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.19502</td><td>2,724,864</td><td>28-Sep-2019</td><td>06:24</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td><td>301,056</td><td>28-Sep-2019</td><td>05:10</td><td>x86</td></tr><tr><td>Ieshims.dll</td><td>11.0.9600.19502</td><td>290,304</td><td>28-Sep-2019</td><td>05:16</td><td>x86</td></tr><tr><td>Iertutil.dll</td><td>11.0.9600.19502</td><td>2,302,464</td><td>28-Sep-2019</td><td>06:09</td><td>x86</td></tr><tr><td>Sqmapi.dll</td><td>6.2.9200.16384</td><td>228,232</td><td>30-Sep-2019</td><td>02:05</td><td>x86</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,673,216</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,728,000</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,682,432</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,670,656</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,921,024</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,996,800</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,639,936</td><td>30-Sep-2019</td><td>03:26</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,914,880</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,862,656</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,668,608</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,932,800</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,626,624</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,677,824</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,689,600</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,914,368</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,777,664</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,760,256</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,899,008</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,890,816</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,658,880</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,908,736</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,699,840</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,682,432</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,906,176</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,701,376</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,923,584</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,912,320</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,886,208</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,893,376</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,667,072</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,921,536</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,886,208</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,931,264</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,701,888</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,493,504</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Ieframe.dll.mui</td><td>11.0.9600.19502</td><td>1,493,504</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Ieframe.dll</td><td>11.0.9600.19502</td><td>13,808,128</td><td>28-Sep-2019</td><td>05:33</td><td>x86</td></tr><tr><td>Ieframe.ptxml</td><td>Not applicable</td><td>24,486</td><td>28-Sep-2019</td><td>03:46</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,402</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>493,824</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>546,075</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>932,524</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>03:26</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>537,883</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>520,546</td><td>30-Sep-2019</td><td>02:12</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>569,543</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>564,361</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>542,373</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>631,643</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>519,433</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>482,894</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>542,623</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>552,611</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>529,235</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>535,760</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>794,398</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>498,475</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>515,774</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>452,656</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>415,413</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,992</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Inetres.adml</td><td>Not applicable</td><td>431,992</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Inetres.admx</td><td>Not applicable</td><td>1,672,213</td><td>28-Sep-2019</td><td>03:30</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,184</td><td>30-Sep-2019</td><td>02:06</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>32,768</td><td>30-Sep-2019</td><td>02:07</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>33,280</td><td>30-Sep-2019</td><td>02:08</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>02:09</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>37,888</td><td>30-Sep-2019</td><td>02:10</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>03:25</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>34,304</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:11</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>33,280</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>34,304</td><td>30-Sep-2019</td><td>02:13</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>27,648</td><td>30-Sep-2019</td><td>02:14</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>34,304</td><td>30-Sep-2019</td><td>02:15</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>33,792</td><td>30-Sep-2019</td><td>02:16</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>23,040</td><td>30-Sep-2019</td><td>02:17</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>22,016</td><td>30-Sep-2019</td><td>02:18</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:19</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>31,232</td><td>30-Sep-2019</td><td>02:20</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>34,304</td><td>30-Sep-2019</td><td>02:21</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>35,840</td><td>30-Sep-2019</td><td>02:22</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>32,768</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>33,280</td><td>30-Sep-2019</td><td>02:23</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:24</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>34,816</td><td>30-Sep-2019</td><td>02:25</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>33,280</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>32,256</td><td>30-Sep-2019</td><td>02:26</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:27</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>32,768</td><td>30-Sep-2019</td><td>02:28</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:29</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>29,696</td><td>30-Sep-2019</td><td>02:30</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>16,384</td><td>30-Sep-2019</td><td>02:31</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>16,896</td><td>30-Sep-2019</td><td>02:32</td><td>Not applicable</td></tr><tr><td>Jscript9.dll.mui</td><td>11.0.9600.19502</td><td>16,896</td><td>30-Sep-2019</td><td>02:33</td><td>Not applicable</td></tr><tr><td>Jscript9.dll</td><td>11.0.9600.19502</td><td>4,112,384</td><td>28-Sep-2019</td><td>05:39</td><td>x86</td></tr><tr><td>Jscript9diag.dll</td><td>11.0.9600.19502</td><td>620,032</td><td>28-Sep-2019</td><td>06:02</td><td>x86</td></tr><tr><td>Jscript.dll</td><td>5.8.9600.19502</td><td>659,968</td><td>28-Sep-2019</td><td>06:02</td><td>x86</td></tr><tr><td>Vbscript.dll</td><td>5.8.9600.19502</td><td>496,128</td><td>28-Sep-2019</td><td>06:12</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">Internet Explorer 11 on all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Urlmon.dll</td><td>11.0.9600.19502</td><td>1,566,208</td><td>28-Sep-2019</td><td>05:31</td><td>x64</td></tr><tr><td>Iexplore.exe</td><td>11.0.9600.19502</td><td>810,376</td><td>30-Sep-2019</td><td>02:53</td><td>x64</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>46,592</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>02:56</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>56,320</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>57,856</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>04:00</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:59</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:59</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>55,296</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>45,056</td><td>30-Sep-2019</td><td>03:01</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>03:02</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,248</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>39,424</td><td>30-Sep-2019</td><td>03:04</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>35,840</td><td>30-Sep-2019</td><td>03:05</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>03:06</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,760</td><td>30-Sep-2019</td><td>03:09</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>03:11</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>53,248</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>52,736</td><td>30-Sep-2019</td><td>03:13</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>03:14</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>03:15</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>03:15</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>03:17</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Wininet.dll.mui</td><td>11.0.9600.19502</td><td>30,720</td><td>30-Sep-2019</td><td>03:19</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl</td><td>11.0.9600.19502</td><td>2,132,992</td><td>28-Sep-2019</td><td>05:54</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>307,200</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,888</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,304</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>30-Sep-2019</td><td>02:56</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,008</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>303,104</td><td>30-Sep-2019</td><td>02:58</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>282,112</td><td>30-Sep-2019</td><td>04:00</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>30-Sep-2019</td><td>02:58</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>283,648</td><td>30-Sep-2019</td><td>02:59</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>291,840</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>299,520</td><td>30-Sep-2019</td><td>03:01</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>275,968</td><td>30-Sep-2019</td><td>03:01</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>30-Sep-2019</td><td>03:02</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>293,376</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>296,960</td><td>30-Sep-2019</td><td>03:04</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>258,048</td><td>30-Sep-2019</td><td>03:04</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>256,512</td><td>30-Sep-2019</td><td>03:05</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>289,280</td><td>30-Sep-2019</td><td>03:06</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>288,256</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>285,184</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>297,472</td><td>30-Sep-2019</td><td>03:09</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>295,424</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>30-Sep-2019</td><td>03:11</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>294,400</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,864</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>290,816</td><td>30-Sep-2019</td><td>03:13</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>288,768</td><td>30-Sep-2019</td><td>03:14</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,208</td><td>30-Sep-2019</td><td>03:15</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>281,600</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>286,720</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>292,352</td><td>30-Sep-2019</td><td>03:17</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>242,176</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>30-Sep-2019</td><td>03:19</td><td>Not applicable</td></tr><tr><td>Mshtml.dll.mui</td><td>11.0.9600.19502</td><td>243,200</td><td>30-Sep-2019</td><td>03:19</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>46,080</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>02:56</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>51,712</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>54,272</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,128</td><td>30-Sep-2019</td><td>04:00</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>02:58</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>02:59</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>45,056</td><td>30-Sep-2019</td><td>03:01</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:02</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>39,936</td><td>30-Sep-2019</td><td>03:04</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>39,424</td><td>30-Sep-2019</td><td>03:05</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>03:06</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>47,616</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>51,200</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,688</td><td>30-Sep-2019</td><td>03:09</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:11</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>50,176</td><td>30-Sep-2019</td><td>03:13</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>03:13</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,664</td><td>30-Sep-2019</td><td>03:14</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,640</td><td>30-Sep-2019</td><td>03:15</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,128</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>49,152</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>48,128</td><td>30-Sep-2019</td><td>03:17</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Urlmon.dll.mui</td><td>11.0.9600.19502</td><td>35,328</td><td>30-Sep-2019</td><td>03:19</td><td>Not applicable</td></tr><tr><td>Jsproxy.dll</td><td>11.0.9600.19502</td><td>54,784</td><td>28-Sep-2019</td><td>06:38</td><td>x64</td></tr><tr><td>Wininet.dll</td><td>11.0.9600.19502</td><td>4,859,904</td><td>28-Sep-2019</td><td>05:42</td><td>x64</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>114,176</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,560</td><td>30-Sep-2019</td><td>02:54</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,928</td><td>30-Sep-2019</td><td>02:55</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>122,880</td><td>30-Sep-2019</td><td>02:56</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,048</td><td>30-Sep-2019</td><td>02:57</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>138,240</td><td>30-Sep-2019</td><td>02:58</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>114,688</td><td>30-Sep-2019</td><td>04:00</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>131,584</td><td>30-Sep-2019</td><td>02:58</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>117,760</td><td>30-Sep-2019</td><td>02:59</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>122,368</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>134,144</td><td>30-Sep-2019</td><td>03:00</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>107,008</td><td>30-Sep-2019</td><td>03:01</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,392</td><td>30-Sep-2019</td><td>03:02</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>127,488</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>128,512</td><td>30-Sep-2019</td><td>03:03</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>88,576</td><td>30-Sep-2019</td><td>03:04</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>82,944</td><td>30-Sep-2019</td><td>03:05</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,440</td><td>30-Sep-2019</td><td>03:06</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,392</td><td>30-Sep-2019</td><td>03:07</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>120,320</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>130,560</td><td>30-Sep-2019</td><td>03:08</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>03:09</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,952</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>03:10</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>128,000</td><td>30-Sep-2019</td><td>03:11</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>03:12</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>129,024</td><td>30-Sep-2019</td><td>03:13</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>03:14</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>124,416</td><td>30-Sep-2019</td><td>03:14</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>121,856</td><td>30-Sep-2019</td><td>03:15</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>115,712</td><td>30-Sep-2019</td><td>03:16</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>123,904</td><td>30-Sep-2019</td><td>03:17</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>125,440</td><td>30-Sep-2019</td><td>03:17</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>72,704</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>73,728</td><td>30-Sep-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Inetcpl.cpl.mui</td><td>11.0.9600.19502</td><td>73,728</td><td>30-Sep-2019</td><td>03:19</td><td>Not applicable</td></tr><tr><td>Microsoft-windows-ie-htmlrendering.ptxml</td><td>Not applicable</td><td>3,228</td><td>28-Sep-2019</td><td>03:48</td><td>Not applicable</td></tr><tr><td>Mshtml.dll</td><td>11.0.9600.19502</td><td>25,752,576</td><td>28-Sep-2019</td><td>07:11</td><td>x64</td></tr><tr><td>Mshtml.tlb</td><td>11.0.9600.19502</td><td>2,724,864</td><td>28-Sep-2019</td><td>06:59</td><td>Not applicable</td></tr><tr><td>Ieproxy.dll</td><td>11.0.9600.19502</td>