This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of emf files in the gdiplus library. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
{"id": "ZDI-19-190", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Microsoft Windows gdiplus bHandleExtCreateFont Out-Of-Bounds Read Information Disclosure Vulnerability", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of emf files in the gdiplus library. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "published": "2019-02-12T00:00:00", "modified": "2019-02-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-19-190/", "reporter": "riusksk of VulWar Corp", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602"], "cvelist": ["CVE-2019-0602"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-1520"]}, {"type": "cve", "idList": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"]}, {"type": "kaspersky", "idList": ["KLA11418", "KLA11879"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0602"]}, {"type": "mskb", "idList": ["KB4487085"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_FEB_4486563.NASL", "SMB_NT_MS19_FEB_4486996.NASL", "SMB_NT_MS19_FEB_4487000.NASL", "SMB_NT_MS19_FEB_4487017.NASL", "SMB_NT_MS19_FEB_4487018.NASL", "SMB_NT_MS19_FEB_4487019.NASL", "SMB_NT_MS19_FEB_4487020.NASL", "SMB_NT_MS19_FEB_4487025.NASL", "SMB_NT_MS19_FEB_4487026.NASL", "SMB_NT_MS19_FEB_4487044.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814671", "OPENVAS:1361412562310814672", "OPENVAS:1361412562310814673", "OPENVAS:1361412562310814686", "OPENVAS:1361412562310814843", "OPENVAS:1361412562310814910", "OPENVAS:1361412562310814911", "OPENVAS:1361412562310814912"]}, {"type": "symantec", "idList": ["SMNTC-106858"]}, {"type": "talosblog", "idList": ["TALOSBLOG:AB5E63755953149993334997F5123794"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2019-1520"]}, {"type": "cve", "idList": ["CVE-2019-0602"]}, {"type": "kaspersky", "idList": ["KLA11418"]}, {"type": "mscve", "idList": ["MS:CVE-2019-0602"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_FEB_4487026.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310814671", "OPENVAS:1361412562310814672", "OPENVAS:1361412562310814673", "OPENVAS:1361412562310814686", "OPENVAS:1361412562310814843", "OPENVAS:1361412562310814910", "OPENVAS:1361412562310814911", "OPENVAS:1361412562310814912"]}, {"type": "symantec", "idList": ["SMNTC-106858"]}, {"type": "talosblog", "idList": ["TALOSBLOG:AB5E63755953149993334997F5123794"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-0602", "epss": "0.316720000", "percentile": "0.962790000", "modified": "2023-03-15"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1647589307, "score": 1659743467, "epss": 1678948994}}
{"checkpoint_advisories": [{"lastseen": "2021-12-17T15:24:46", "description": "An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-11-26T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Graphics Device Interface Information Disclosure (CVE-2019-0602)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602"], "modified": "2019-11-26T00:00:00", "id": "CPAI-2019-1520", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2023-03-17T02:35:21", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-02-12T08:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602"], "modified": "2019-02-12T08:00:00", "id": "MS:CVE-2019-0602", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "symantec": [{"lastseen": "2021-06-08T19:05:45", "description": "### Description\n\nMicrosoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 Version 1709 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for 32-bit Systems \n * Microsoft Windows 10 Version 1803 for ARM64-based Systems \n * Microsoft Windows 10 Version 1803 for x64-based Systems \n * Microsoft Windows 10 Version 1809 for 32-bit Systems \n * Microsoft Windows 10 Version 1809 for ARM64-based Systems \n * Microsoft Windows 10 Version 1809 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 1709 \n * Microsoft Windows Server 1803 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Server 2019 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2019-02-12T00:00:00", "type": "symantec", "title": "Microsoft Windows GDI Component CVE-2019-0602 Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-0602"], "modified": "2019-02-12T00:00:00", "id": "SMNTC-106858", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/106858", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-09T14:22:45", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0619", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0619", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0619", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:43", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0616", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:40", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0602", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0602", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0602", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:itanium:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:50", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0660", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0660", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:53", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0664", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:-"], "id": "CVE-2019-0664", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0664", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:22:43", "description": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-05T23:29:00", "type": "cve", "title": "CVE-2019-0615", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0660", "CVE-2019-0664"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1803", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2019-0615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0615", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*"]}], "mskb": [{"lastseen": "2021-01-01T22:40:59", "description": "<html><body><p>Resolves vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009.</p><h2>Notice</h2><p>This update was rereleased February 15, 2019 to address a known issue that occurred when you installed the original\u00a0February 12, 2019 version of\u00a0the update.\u00a0</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update adresses the following vulnerabilities:<ul><li>Remote code execution vulnerabilities exist because of the manner in which the Windows Graphics Device Interface (GDI) handles objects in the memory.</li><li>Information disclosure vulnerabilities exist when the Windows GDI component incorrectly discloses the contents of its memory.</li></ul>To learn more about the vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE).<ul class=\"sbody-free_list\"><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0602</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0615\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0615</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0616\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0616</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0618\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0618</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0619\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0619</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0660\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0660</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0662</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0664\" id=\"kb-link-2\" target=\"_self\">CVE-2019-0664</a></li></ul></div><h2>Known issues in this security update</h2><p>After you install the originally released version of this security update (from February 12, 2019), applications that use the msvcrt.dll dynamic link library (DLL) do not load properly. When the problem occurs, you receive error messages that resemble the following (where <em>[SamepleDLLNname]</em>\u00a0 is the application's DLL):</p><div class=\"sbody-error\"><p>The procedure entry point sprinttf_s could not be located in the dynamic link library msvcrt.dll.</p><p>Error loading C:\\WINDOWS\\system32\\<em>[SamepleDLLNname]</em>.dll</p></div><p>This issue is resolved in the current version of this update which was released February 15, 2019.\u00a0</p><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><h3>Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://support.microsoft.com/help/12373/windows-update-faqx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>.</div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the standalone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4487085\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website.</div></div><p><strong class=\"sbody-strong\">Important </strong></p><ul class=\"sbody-free_list\"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul><h2>Information about protection and security</h2><ul><li>Protect yourself online: <a href=\"https://support.microsoft.com/hub/4099151/windows-security-help\"> Windows Security support</a></li><li>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\"> Microsoft Security</a></li></ul> <h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>WindowsXP-KB4487085-v2-x86-Embedded-ENU.exe</td><td>667F051FFE98FF99495E9B6EDE2B8C321ABA1CA3</td><td>45999951181B03981DED92600E60EE9E709E0D63184C1EC254CA840510F3CC2E</td></tr></tbody></table></td></tr></tbody></table><p><strong>File information</strong><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</span></p><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td><td><strong class=\"sbody-strong\">SP requirement</strong></td><td><strong class=\"sbody-strong\">Service branch</strong></td></tr><tr><td>Gdiplus.dll</td><td>5.2.6002.24561</td><td>1,738,240</td><td>15-Feb-2019</td><td>03:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr><tr><td>Gdiplus.man</td><td>Not applicable</td><td>398</td><td>15-Feb-2019</td><td>03:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Gdiplus.man</td><td>Not applicable</td><td>608</td><td>15-Feb-2019</td><td>02:29</td><td>Not applicable</td><td>None</td><td>Not applicable</td></tr><tr><td>Mf3216.dll</td><td>5.1.2600.7663</td><td>43,008</td><td>15-Feb-2019</td><td>03:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Gdiplus.dll</td><td>5.2.6002.24561</td><td>1,738,240</td><td>15-Feb-2019</td><td>03:28</td><td>x86</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Gdiplus.man</td><td>Not applicable</td><td>398</td><td>15-Feb-2019</td><td>03:29</td><td>Not applicable</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Gdiplus.man</td><td>Not applicable</td><td>608</td><td>15-Feb-2019</td><td>02:29</td><td>Not applicable</td><td>SP3</td><td>SP3QFE</td></tr><tr><td>Updspapi.dll</td><td>6.3.13.0</td><td>382,840</td><td>01-Feb-2018</td><td>21:28</td><td>x86</td><td>None</td><td>Not applicable</td></tr></tbody></table></td></tr></tbody></table><p>\u00a0</p></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "mskb", "title": "Description of the security update for the vulnerabilities in Windows Embedded POSReady 2009: February 12, 2019", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0618", "CVE-2019-0660", "CVE-2019-0602", "CVE-2019-0616", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0615", "CVE-2019-0664"], "modified": "2019-02-15T20:11:37", "id": "KB4487085", "href": "https://support.microsoft.com/en-us/help/4487085/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:48:43", "description": "The remote Windows host is missing security update 4487019 or cumulative update 4487023. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487019: Windows Server 2008 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0664"], "modified": "2022-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487019.NASL", "href": "https://www.tenable.com/plugins/nessus/122123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122123);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0664\"\n );\n script_xref(name:\"MSKB\", value:\"4487023\");\n script_xref(name:\"MSKB\", value:\"4487019\");\n script_xref(name:\"MSFT\", value:\"MS19-4487023\");\n script_xref(name:\"MSFT\", value:\"MS19-4487019\");\n\n script_name(english:\"KB4487019: Windows Server 2008 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487019\nor cumulative update 4487023. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\");\n # https://support.microsoft.com/en-us/help/4487023/windows-server-2008-update-kb4487023\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68a182bd\");\n # https://support.microsoft.com/en-us/help/4487019/windows-server-2008-update-kb4487019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e07d6a61\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4487019 or Cumulative Update KB4487023.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487019', '4487023');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487019, 4487023])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:11", "description": "The remote Windows host is missing security update 4486993 or cumulative update 4487025. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4486993: Windows Server 2012 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487025.NASL", "href": "https://www.tenable.com/plugins/nessus/122125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122125);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0664\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4486993\");\n script_xref(name:\"MSKB\", value:\"4487025\");\n script_xref(name:\"MSFT\", value:\"MS19-4486993\");\n script_xref(name:\"MSFT\", value:\"MS19-4487025\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4486993: Windows Server 2012 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4486993\nor cumulative update 4487025. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4486993/windows-server-2012-update-kb4486993\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?067a0516\");\n # https://support.microsoft.com/en-us/help/4487025/windows-server-2012-update-kb4487025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2ede4e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4486993 or Cumulative Update KB4487025.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4486993', '4487025');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4486993, 4487025])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:07", "description": "The remote Windows host is missing security update 4487028 or cumulative update 4487000. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487028: Windows 8.1 and Windows Server 2012 R2 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487000.NASL", "href": "https://www.tenable.com/plugins/nessus/122120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122120);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0606\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0664\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4487028\");\n script_xref(name:\"MSKB\", value:\"4487000\");\n script_xref(name:\"MSFT\", value:\"MS19-4487028\");\n script_xref(name:\"MSFT\", value:\"MS19-4487000\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4487028: Windows 8.1 and Windows Server 2012 R2 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487028\nor cumulative update 4487000. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4487028/windows-8-1-update-kb4487028\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?220ebfca\");\n # https://support.microsoft.com/en-us/help/4487000/windows-8-1-update-kb4487000\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a603136\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4487028 or Cumulative Update KB4487000.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487028', '4487000');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487028, 4487000])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:29", "description": "The remote Windows host is missing security update 4486564 or cumulative update 4486563. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0654", "CVE-2019-0657", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4486563.NASL", "href": "https://www.tenable.com/plugins/nessus/122118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122118);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0606\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0654\",\n \"CVE-2019-0657\",\n \"CVE-2019-0660\",\n \"CVE-2019-0661\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0664\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4486564\");\n script_xref(name:\"MSKB\", value:\"4486563\");\n script_xref(name:\"MSFT\", value:\"MS19-4486564\");\n script_xref(name:\"MSFT\", value:\"MS19-4486563\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4486564: Windows 7 and Windows Server 2008 R2 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4486564\nor cumulative update 4486563. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660, CVE-2019-0664)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. An authenticated attacker could exploit this\n vulnerability by running a specially crafted\n application. The update addresses the vulnerability by\n correcting how the Windows kernel handles objects in\n memory. (CVE-2019-0661)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4486564/windows-7-update-kb4486564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2c21cca\");\n # https://support.microsoft.com/en-us/help/4486563/windows-7-update-kb4486563\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf04f83f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4486564 or Cumulative Update KB4486563.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4486564', '4486563');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4486564, 4486563])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:09", "description": "The remote Windows host is missing security update 4487017.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections. This vulnerability occurs when Windows is connected to both an ethernet network and a cellular network. An attacker would have no way to trigger this vulnerability remotely, and this vulnerability by itself does not allow Windows to be exploited. This update addresses the behavior by correcting how Windows Defender Firewall handles firewall profiles when ethernet and cellular network connections are both present. (CVE-2019-0637)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487017: Windows 10 Version 1803 and Windows Server Version 1803 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662"], "modified": "2022-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4487017.NASL", "href": "https://www.tenable.com/plugins/nessus/122121", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122121);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0637\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\"\n );\n script_xref(name:\"MSKB\", value:\"4487017\");\n script_xref(name:\"MSFT\", value:\"MS19-4487017\");\n\n script_name(english:\"KB4487017: Windows 10 Version 1803 and Windows Server Version 1803 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487017.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when\n Windows Defender Firewall incorrectly applies firewall\n profiles to cellular network connections. This\n vulnerability occurs when Windows is connected to both\n an ethernet network and a cellular network. An attacker\n would have no way to trigger this vulnerability\n remotely, and this vulnerability by itself does not\n allow Windows to be exploited. This update addresses the\n behavior by correcting how Windows Defender Firewall\n handles firewall profiles when ethernet and cellular\n network connections are both present. (CVE-2019-0637)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\");\n # https://support.microsoft.com/en-us/help/4487017/windows-10-update-kb4487017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f84e87c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4487017.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487017');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487017])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:30", "description": "The remote Windows host is missing security update 4486996. It is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections. This vulnerability occurs when Windows is connected to both an ethernet network and a cellular network. An attacker would have no way to trigger this vulnerability remotely, and this vulnerability by itself does not allow Windows to be exploited. This update addresses the behavior by correcting how Windows Defender Firewall handles firewall profiles when ethernet and cellular network connections are both present. (CVE-2019-0637)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4486996: Windows 10 Version 1709 and Windows Server Version 1709 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0663"], "modified": "2022-05-23T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS19_FEB_4486996.NASL", "href": "https://www.tenable.com/plugins/nessus/122119", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122119);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0637\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\"\n );\n script_xref(name:\"MSKB\", value:\"4486996\");\n script_xref(name:\"MSFT\", value:\"MS19-4486996\");\n\n script_name(english:\"KB4486996: Windows 10 Version 1709 and Windows Server Version 1709 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4486996. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when\n Windows Defender Firewall incorrectly applies firewall\n profiles to cellular network connections. This\n vulnerability occurs when Windows is connected to both\n an ethernet network and a cellular network. An attacker\n would have no way to trigger this vulnerability\n remotely, and this vulnerability by itself does not\n allow Windows to be exploited. This update addresses the\n behavior by correcting how Windows Defender Firewall\n handles firewall profiles when ethernet and cellular\n network connections are both present. (CVE-2019-0637)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4486996/windows-10-update-kb4486996\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e794af1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4486996.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4486996');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4486996])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:07", "description": "The remote Windows host is missing security update 4487018.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0645)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0642, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487018: Windows 10 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0642", "CVE-2019-0645", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_FEB_4487018.NASL", "href": "https://www.tenable.com/plugins/nessus/122122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122122);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0590\",\n \"CVE-2019-0591\",\n \"CVE-2019-0593\",\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0605\",\n \"CVE-2019-0606\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0642\",\n \"CVE-2019-0645\",\n \"CVE-2019-0651\",\n \"CVE-2019-0652\",\n \"CVE-2019-0654\",\n \"CVE-2019-0655\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4487018\");\n script_xref(name:\"MSFT\", value:\"MS19-4487018\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4487018: Windows 10 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487018.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0645)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0590,\n CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,\n CVE-2019-0642, CVE-2019-0651, CVE-2019-0652,\n CVE-2019-0655)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4487018/windows-10-update-kb4487018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d94fb34\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4487018.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487018');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487018])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:29", "description": "The remote Windows host is missing security update 4487026. It is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0645)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487026: Windows 10 Version 1607 and Windows Server 2016 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0642", "CVE-2019-0644", "CVE-2019-0645", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_FEB_4487026.NASL", "href": "https://www.tenable.com/plugins/nessus/122126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122126);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0590\",\n \"CVE-2019-0591\",\n \"CVE-2019-0593\",\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0605\",\n \"CVE-2019-0606\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0642\",\n \"CVE-2019-0644\",\n \"CVE-2019-0645\",\n \"CVE-2019-0651\",\n \"CVE-2019-0652\",\n \"CVE-2019-0654\",\n \"CVE-2019-0655\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4487026\");\n script_xref(name:\"MSFT\", value:\"MS19-4487026\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4487026: Windows 10 Version 1607 and Windows Server 2016 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487026. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0645)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0590,\n CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,\n CVE-2019-0642, CVE-2019-0644, CVE-2019-0651,\n CVE-2019-0652, CVE-2019-0655)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4487026/windows-10-update-kb4487026\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?647a783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4487026.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487026');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487026])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:06", "description": "The remote Windows host is missing security update 4487020. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - A vulnerability exists in Microsoft Chakra JIT server.\n An attacker who successfully exploited this vulnerability could gain elevated privileges. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how Microsoft Chakra handles constructorCaches.\n (CVE-2019-0649)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0634, CVE-2019-0645)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0658)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting. Edge depends on a default whitelist of sites where Adobe Flash will load without user interaction. Because the whitelist was not scheme-aware, an attacker could use a man in the middle attack to cause Flash policies to be bypassed and arbitrary Flash content to be loaded without user interaction. The security update addresses the vulnerability by modifying how affected Microsoft Edge handles whitelisting. (CVE-2019-0641)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.\n (CVE-2019-0663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487020: Windows 10 Version 1703 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0610", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0634", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0640", "CVE-2019-0641", "CVE-2019-0642", "CVE-2019-0644", "CVE-2019-0645", "CVE-2019-0649", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0658", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_FEB_4487020.NASL", "href": "https://www.tenable.com/plugins/nessus/122124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122124);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0590\",\n \"CVE-2019-0591\",\n \"CVE-2019-0593\",\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0605\",\n \"CVE-2019-0606\",\n \"CVE-2019-0610\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0623\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0634\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0640\",\n \"CVE-2019-0641\",\n \"CVE-2019-0642\",\n \"CVE-2019-0644\",\n \"CVE-2019-0645\",\n \"CVE-2019-0649\",\n \"CVE-2019-0651\",\n \"CVE-2019-0652\",\n \"CVE-2019-0654\",\n \"CVE-2019-0655\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0658\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0663\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4487020\");\n script_xref(name:\"MSFT\", value:\"MS19-4487020\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4487020: Windows 10 Version 1703 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487020. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2019-0623)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - A vulnerability exists in Microsoft Chakra JIT server.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges. The\n vulnerability by itself does not allow arbitrary code to\n run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (for\n example a remote code execution vulnerability and\n another elevation of privilege vulnerability) to take\n advantage of the elevated privileges when running. The\n security update addresses the vulnerability by modifying\n how Microsoft Chakra handles constructorCaches.\n (CVE-2019-0649)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0634,\n CVE-2019-0645)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0590,\n CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,\n CVE-2019-0610, CVE-2019-0640, CVE-2019-0642,\n CVE-2019-0644, CVE-2019-0651, CVE-2019-0652,\n CVE-2019-0655)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0658)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge handles whitelisting. Edge depends on a\n default whitelist of sites where Adobe Flash will load\n without user interaction. Because the whitelist was not\n scheme-aware, an attacker could use a man in the middle\n attack to cause Flash policies to be bypassed and\n arbitrary Flash content to be loaded without user\n interaction. The security update addresses the\n vulnerability by modifying how affected Microsoft Edge\n handles whitelisting. (CVE-2019-0641)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n To exploit this vulnerability, an authenticated attacker\n could run a specially crafted application. An attacker who\n successfully exploited this vulnerability could obtain\n information to further compromise the user's system.\n (CVE-2019-0663)\");\n # https://support.microsoft.com/en-us/help/4487020/windows-10-update-kb4487020\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c56bb182\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4487020.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487020');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487020])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:45", "description": "The remote Windows host is missing security update 4487044. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0634, CVE-2019-0645, CVE-2019-0650)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-0606)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-0621)\n\n - A vulnerability exists in Microsoft Chakra JIT server.\n An attacker who successfully exploited this vulnerability could gain elevated privileges. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how Microsoft Chakra handles constructorCaches.\n (CVE-2019-0649)\n\n - An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data.\n (CVE-2019-0648)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0628)\n\n - A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0618, CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections. This vulnerability occurs when Windows is connected to both an ethernet network and a cellular network. An attacker would have no way to trigger this vulnerability remotely, and this vulnerability by itself does not allow Windows to be exploited. This update addresses the behavior by correcting how Windows Defender Firewall handles firewall profiles when ethernet and cellular network connections are both present. (CVE-2019-0637)\n\n - An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0656)\n\n - An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. (CVE-2019-0600, CVE-2019-0601)\n\n - An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser. (CVE-2019-0643)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-0658)\n\n - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2019-0627, CVE-2019-0631, CVE-2019-0632)\n\n - A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting. Edge depends on a default whitelist of sites where Adobe Flash will load without user interaction. Because the whitelist was not scheme-aware, an attacker could use a man in the middle attack to cause Flash policies to be bypassed and arbitrary Flash content to be loaded without user interaction. The security update addresses the vulnerability by modifying how affected Microsoft Edge handles whitelisting. (CVE-2019-0641)\n\n - A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "nessus", "title": "KB4487044: Windows 10 Version 1809 and Windows Server 2019 February 2019 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0607", "CVE-2019-0610", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0634", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0640", "CVE-2019-0641", "CVE-2019-0642", "CVE-2019-0643", "CVE-2019-0644", "CVE-2019-0645", "CVE-2019-0648", "CVE-2019-0649", "CVE-2019-0650", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0658", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0662", "CVE-2019-0676"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS19_FEB_4487044.NASL", "href": "https://www.tenable.com/plugins/nessus/122127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122127);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2019-0590\",\n \"CVE-2019-0591\",\n \"CVE-2019-0593\",\n \"CVE-2019-0595\",\n \"CVE-2019-0596\",\n \"CVE-2019-0597\",\n \"CVE-2019-0598\",\n \"CVE-2019-0599\",\n \"CVE-2019-0600\",\n \"CVE-2019-0601\",\n \"CVE-2019-0602\",\n \"CVE-2019-0605\",\n \"CVE-2019-0606\",\n \"CVE-2019-0607\",\n \"CVE-2019-0610\",\n \"CVE-2019-0613\",\n \"CVE-2019-0615\",\n \"CVE-2019-0616\",\n \"CVE-2019-0618\",\n \"CVE-2019-0619\",\n \"CVE-2019-0621\",\n \"CVE-2019-0625\",\n \"CVE-2019-0626\",\n \"CVE-2019-0627\",\n \"CVE-2019-0628\",\n \"CVE-2019-0630\",\n \"CVE-2019-0631\",\n \"CVE-2019-0632\",\n \"CVE-2019-0633\",\n \"CVE-2019-0634\",\n \"CVE-2019-0635\",\n \"CVE-2019-0636\",\n \"CVE-2019-0637\",\n \"CVE-2019-0640\",\n \"CVE-2019-0641\",\n \"CVE-2019-0642\",\n \"CVE-2019-0643\",\n \"CVE-2019-0644\",\n \"CVE-2019-0645\",\n \"CVE-2019-0648\",\n \"CVE-2019-0649\",\n \"CVE-2019-0650\",\n \"CVE-2019-0651\",\n \"CVE-2019-0652\",\n \"CVE-2019-0654\",\n \"CVE-2019-0655\",\n \"CVE-2019-0656\",\n \"CVE-2019-0657\",\n \"CVE-2019-0658\",\n \"CVE-2019-0659\",\n \"CVE-2019-0660\",\n \"CVE-2019-0662\",\n \"CVE-2019-0676\"\n );\n script_xref(name:\"MSKB\", value:\"4487044\");\n script_xref(name:\"MSFT\", value:\"MS19-4487044\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4487044: Windows 10 Version 1809 and Windows Server 2019 February 2019 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4487044. \nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in .NET\n Framework and Visual Studio software when the software\n fails to check the source markup of a file. An attacker\n who successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2019-0613)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0634,\n CVE-2019-0645, CVE-2019-0650)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0590,\n CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,\n CVE-2019-0607, CVE-2019-0610, CVE-2019-0640,\n CVE-2019-0642, CVE-2019-0644, CVE-2019-0651,\n CVE-2019-0652, CVE-2019-0655)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2019-0606)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2019-0635)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0621)\n\n - A vulnerability exists in Microsoft Chakra JIT server.\n An attacker who successfully exploited this\n vulnerability could gain elevated privileges. The\n vulnerability by itself does not allow arbitrary code to\n run. However, this vulnerability could be used in\n conjunction with one or more vulnerabilities (for\n example a remote code execution vulnerability and\n another elevation of privilege vulnerability) to take\n advantage of the elevated privileges when running. The\n security update addresses the vulnerability by modifying\n how Microsoft Chakra handles constructorCaches.\n (CVE-2019-0649)\n\n - An information disclosure vulnerability exists when\n Chakra improperly discloses the contents of its memory,\n which could provide an attacker with information to\n further compromise the users computer or data.\n (CVE-2019-0648)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2019-0628)\n\n - A remote code execution vulnerability exists in the way\n that the Windows Graphics Device Interface (GDI) handles\n objects in the memory. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2019-0618,\n CVE-2019-0662)\n\n - A security feature bypass vulnerability exists when\n Windows Defender Firewall incorrectly applies firewall\n profiles to cellular network connections. This\n vulnerability occurs when Windows is connected to both\n an ethernet network and a cellular network. An attacker\n would have no way to trigger this vulnerability\n remotely, and this vulnerability by itself does not\n allow Windows to be exploited. This update addresses the\n behavior by correcting how Windows Defender Firewall\n handles firewall profiles when ethernet and cellular\n network connections are both present. (CVE-2019-0637)\n\n - An information vulnerability exists when Windows\n improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to read the contents of files on disk.\n (CVE-2019-0636)\n\n - A remote code execution vulnerability exists when the\n Windows Jet Database Engine improperly handles objects\n in memory. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on a victim\n system. An attacker could exploit this vulnerability by\n enticing a victim to open a specially crafted file. The\n update addresses the vulnerability by correcting the way\n the Windows Jet Database Engine handles objects in\n memory. (CVE-2019-0595, CVE-2019-0596, CVE-2019-0597,\n CVE-2019-0598, CVE-2019-0599, CVE-2019-0625)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2019-0656)\n\n - An information disclosure vulnerability exists when the\n Human Interface Devices (HID) component improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could obtain information to\n further compromise the victims system. (CVE-2019-0600,\n CVE-2019-0601)\n\n - An elevation of privilege vulnerability exists when the\n Storage Service improperly handles file operations. An\n attacker who successfully exploited this vulnerability\n could gain elevated privileges on the victim system.\n (CVE-2019-0659)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited this\n vulnerability could test for the presence of files on\n disk. For an attack to be successful, an attacker must\n persuade a user to open a malicious website. The\n security update addresses the vulnerability by changing\n the way Internet Explorer handles objects in memory.\n (CVE-2019-0676)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. (CVE-2019-0643)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP server. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code on the DHCP server. (CVE-2019-0626)\n\n - An information disclosure vulnerability exists when the\n Windows GDI component improperly discloses the contents\n of its memory. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document,\n or by convincing a user to visit an untrusted webpage.\n The security update addresses the vulnerability by\n correcting how the Windows GDI component handles objects\n in memory. (CVE-2019-0602, CVE-2019-0615, CVE-2019-0616,\n CVE-2019-0619, CVE-2019-0660)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2019-0658)\n\n - A security feature bypass vulnerability exists in\n Windows which could allow an attacker to bypass Device\n Guard. An attacker who successfully exploited this\n vulnerability could circumvent a User Mode Code\n Integrity (UMCI) policy on the machine. (CVE-2019-0627,\n CVE-2019-0631, CVE-2019-0632)\n\n - A vulnerability exists in certain .Net Framework API's\n and Visual Studio in the way they parse URL's. An\n attacker who successfully exploited this vulnerability\n could use it to bypass security logic intended to ensure\n that a user-provided URL belonged to a specific hostname\n or a subdomain of that hostname. This could be used to\n cause privileged communication to be made to an\n untrusted service as if it was a trusted service.\n (CVE-2019-0657)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge handles whitelisting. Edge depends on a\n default whitelist of sites where Adobe Flash will load\n without user interaction. Because the whitelist was not\n scheme-aware, an attacker could use a man in the middle\n attack to cause Flash policies to be bypassed and\n arbitrary Flash content to be loaded without user\n interaction. The security update addresses the\n vulnerability by modifying how affected Microsoft Edge\n handles whitelisting. (CVE-2019-0641)\n\n - A spoofing vulnerability exists when Microsoft browsers\n improperly handles specific redirects. An attacker who\n successfully exploited this vulnerability could trick a\n user into believing that the user was on a legitimate\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2019-0654)\n\n - A remote code execution vulnerability exists in the way\n that the Microsoft Server Message Block 2.0 (SMBv2)\n server handles certain requests. An attacker who\n successfully exploited the vulnerability could gain the\n ability to execute code on the target server.\n (CVE-2019-0630, CVE-2019-0633)\");\n # https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aaaa86ad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4487044.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0662\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-0626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS19-02\";\nkbs = make_list('4487044');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"02_2019\",\n bulletin:bulletin,\n rollup_kb_list:[4487044])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-05T16:27:15", "description": "This host is missing a critical security\n update according to Microsoft KB4486563", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4486563)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0595", "CVE-2019-0660", "CVE-2019-0597", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0654", "CVE-2019-0661", "CVE-2019-0616", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0615", "CVE-2019-0664", "CVE-2019-0623", "CVE-2019-0635"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814686", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814686\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\",\n \"CVE-2019-0606\", \"CVE-2019-0615\", \"CVE-2019-0616\", \"CVE-2019-0618\",\n \"CVE-2019-0619\", \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0625\",\n \"CVE-2019-0626\", \"CVE-2019-0628\", \"CVE-2019-0630\", \"CVE-2019-0635\",\n \"CVE-2019-0636\", \"CVE-2019-0654\", \"CVE-2019-0660\", \"CVE-2019-0661\",\n \"CVE-2019-0662\", \"CVE-2019-0664\", \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 10:33:26 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4486563)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4486563\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the\n target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Human Interface Devices (HID) component improperly handles objects in memory.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Win32k component fails to properly handle objects in memory.\n\n - DHCP servers fails to properly handle network packets.\n\n - Microsoft Server Message Block 2.0 (SMBv2) server improperly handles\n specially crafted requests.\n\n - Windows Hyper-V on a host operating system fails to properly validate input\n from an authenticated user on a guest operating system.\n\n - Microsoft browsers improperly handles specific redirects.\n\n - Internet Explorer improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code on a victim system, obtain information\n to further compromise the user's system, gain elevated privileges and\n conduct spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4486563\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\ndllPath = smb_get_system32root();\nif(!dllPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:dllPath, file_name:\"Ntoskrnl.exe\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.24354\"))\n{\n report = report_fixed_ver(file_checked:dllPath + \"\\Ntoskrnl.exe\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24354\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T20:40:54", "description": "This host is missing a critical security\n update according to Microsoft KB4487000", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0597", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0654", "CVE-2019-0616", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0633", "CVE-2019-0664", "CVE-2019-0623", "CVE-2019-0635"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310814843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814843", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814843\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2019-0555\", \"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\",\n \"CVE-2019-0598\", \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\",\n \"CVE-2019-0602\", \"CVE-2019-0606\", \"CVE-2019-0615\", \"CVE-2019-0616\",\n \"CVE-2019-0618\", \"CVE-2019-0619\", \"CVE-2019-0621\", \"CVE-2019-0623\",\n \"CVE-2019-0625\", \"CVE-2019-0626\", \"CVE-2019-0628\", \"CVE-2019-0630\",\n \"CVE-2019-0633\", \"CVE-2019-0635\", \"CVE-2019-0636\", \"CVE-2019-0654\",\n \"CVE-2019-0656\", \"CVE-2019-0660\", \"CVE-2019-0662\", \"CVE-2019-0664\",\n \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 15:18:39 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487000)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487000\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists\n\n - When the Windows Jet Database Engine improperly handles objects in memory.\n\n - When the Windows GDI component improperly discloses the contents of its memory.\n\n - When Internet Explorer improperly handles objects in memory.\n\n - In the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles\n certain requests...\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to elevate privileges, execute arbitrary code, read unauthorized\n information and cause spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487000/windows-8-1-update-kb4487000\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Msi.dll\");\nif(!fileVer)\n exit(0);\n\nif(version_is_less(version:fileVer, test_version:\"5.0.9600.19268\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\Msi.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 5.0.9600.19268\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T12:52:49", "description": "This host is missing a critical security\n update according to Microsoft KB4487026", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0657", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0644", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0613", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0633", "CVE-2019-0623", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310814671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814671", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814671\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\", \"CVE-2019-0652\",\n \"CVE-2019-0654\", \"CVE-2019-0655\", \"CVE-2019-0656\", \"CVE-2019-0595\",\n \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0657\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0659\", \"CVE-2019-0660\", \"CVE-2019-0662\",\n \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\", \"CVE-2019-0676\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0613\", \"CVE-2019-0615\",\n \"CVE-2019-0616\", \"CVE-2019-0618\", \"CVE-2019-0619\", \"CVE-2019-0625\",\n \"CVE-2019-0626\", \"CVE-2019-0627\", \"CVE-2019-0628\", \"CVE-2019-0630\",\n \"CVE-2019-0631\", \"CVE-2019-0632\", \"CVE-2019-0633\", \"CVE-2019-0635\",\n \"CVE-2019-0636\", \"CVE-2019-0642\", \"CVE-2019-0644\", \"CVE-2019-0645\",\n \"CVE-2019-0651\", \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0555\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 08:21:34 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487026)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487026\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Server Message Block 2 server improperly handles certain requests.\n\n - An error in Windows which could allow an attacker to bypass Device Guard.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in\n the memory.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error when Windows improperly discloses file information.\n\n - Internet Explorer improperly handles objects in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft browsers improperly handles specific redirects.\n\n - An error in the scripting engine while handling objects in memory in\n Microsoft Edge.\n\n - The Storage Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Server DHCP service improperly handle specially crafted\n packets to a DHCP server.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The Human Interface Devices (HID) component improperly handles objects in\n memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - The win32k component improperly provides kernel information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute code on the target server, obtain information to\n further compromise the user's system, gain escalated privileges, bypass\n security restriction and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487026\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2790\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2790\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:27", "description": "This host is missing a critical security\n update according to Microsoft KB4487018", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0657", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0613", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0633", "CVE-2019-0623", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814673", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814673\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\", \"CVE-2019-0652\",\n \"CVE-2019-0654\", \"CVE-2019-0655\", \"CVE-2019-0656\", \"CVE-2019-0595\",\n \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0657\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0659\", \"CVE-2019-0660\", \"CVE-2019-0662\",\n \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\", \"CVE-2019-0676\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0613\", \"CVE-2019-0615\",\n \"CVE-2019-0616\", \"CVE-2019-0618\", \"CVE-2019-0619\", \"CVE-2019-0625\",\n \"CVE-2019-0626\", \"CVE-2019-0627\", \"CVE-2019-0628\", \"CVE-2019-0630\",\n \"CVE-2019-0631\", \"CVE-2019-0632\", \"CVE-2019-0633\", \"CVE-2019-0635\",\n \"CVE-2019-0636\", \"CVE-2019-0642\", \"CVE-2019-0645\", \"CVE-2019-0651\",\n \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0555\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 09:46:58 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487018)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487018\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft Server Message Block 2 server improperly handles certain requests.\n\n - An error in Windows which could allow an attacker to bypass\n Device Guard.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in\n the memory.\n\n - Windows GDI component improperly discloses the contents of its\n memory.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - when Windows improperly discloses file information.\n\n - Internet Explorer improperly handles objects in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft browsers improperly handles specific redirects.\n\n - The scripting engine handles objects in memory in Microsoft Edge.\n\n - The Storage Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Windows Server DHCP service improperly handle specially crafted\n packets to a DHCP server.\n\n - Windows Win32k component fails to properly handle objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The Human Interface Devices (HID) component improperly handles objects in\n memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - The win32k component improperly provides kernel information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute code on the target server, obtain information to\n further compromise the user's system, bypass security restriction and take\n control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487018\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.18131\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.18131\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:13", "description": "This host is missing a critical security\n update according to Microsoft KB4487020", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0640", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0657", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0644", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0613", "CVE-2019-0634", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0610", "CVE-2019-0596", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0641", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0658", "CVE-2019-0633", "CVE-2019-0649", "CVE-2019-0623", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814912", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814912\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0555\", \"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\",\n \"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0610\", \"CVE-2019-0613\",\n \"CVE-2019-0615\", \"CVE-2019-0616\", \"CVE-2019-0618\", \"CVE-2019-0619\",\n \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0625\", \"CVE-2019-0626\",\n \"CVE-2019-0627\", \"CVE-2019-0628\", \"CVE-2019-0630\", \"CVE-2019-0631\",\n \"CVE-2019-0632\", \"CVE-2019-0633\", \"CVE-2019-0634\", \"CVE-2019-0635\",\n \"CVE-2019-0636\", \"CVE-2019-0640\", \"CVE-2019-0641\", \"CVE-2019-0642\",\n \"CVE-2019-0644\", \"CVE-2019-0645\", \"CVE-2019-0649\", \"CVE-2019-0651\",\n \"CVE-2019-0652\", \"CVE-2019-0654\", \"CVE-2019-0655\", \"CVE-2019-0656\",\n \"CVE-2019-0657\", \"CVE-2019-0658\", \"CVE-2019-0659\", \"CVE-2019-0660\",\n \"CVE-2019-0662\", \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 14:59:01 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487020)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487020\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"For more information about the vulnerabilities\n refer Reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain elevated\n privileges and execute arbitrary code on a victim system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64 Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487020\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1630\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1630\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:21", "description": "This host is missing a critical security\n update according to Microsoft KB4487017", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0637", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0640", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0657", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0644", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0613", "CVE-2019-0634", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0610", "CVE-2019-0596", "CVE-2019-0607", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0641", "CVE-2019-0621", "CVE-2019-0650", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0658", "CVE-2019-0633", "CVE-2019-0649", "CVE-2019-0623", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814672", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814672\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\", \"CVE-2019-0652\",\n \"CVE-2019-0654\", \"CVE-2019-0655\", \"CVE-2019-0656\", \"CVE-2019-0595\",\n \"CVE-2019-0596\", \"CVE-2019-0657\", \"CVE-2019-0658\", \"CVE-2019-0597\",\n \"CVE-2019-0598\", \"CVE-2019-0599\", \"CVE-2019-0659\", \"CVE-2019-0660\",\n \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\", \"CVE-2019-0662\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0607\", \"CVE-2019-0610\",\n \"CVE-2019-0613\", \"CVE-2019-0676\", \"CVE-2019-0615\", \"CVE-2019-0616\",\n \"CVE-2019-0618\", \"CVE-2019-0625\", \"CVE-2019-0626\", \"CVE-2019-0627\",\n \"CVE-2019-0628\", \"CVE-2019-0630\", \"CVE-2019-0631\", \"CVE-2019-0632\",\n \"CVE-2019-0633\", \"CVE-2019-0634\", \"CVE-2019-0635\", \"CVE-2019-0636\",\n \"CVE-2019-0637\", \"CVE-2019-0640\", \"CVE-2019-0641\", \"CVE-2019-0642\",\n \"CVE-2019-0644\", \"CVE-2019-0645\", \"CVE-2019-0649\", \"CVE-2019-0650\",\n \"CVE-2019-0651\", \"CVE-2019-0619\", \"CVE-2019-0621\", \"CVE-2019-0623\",\n \"CVE-2019-0555\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 09:26:04 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487017)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487017\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Server Message Block 2 server improperly handles certain requests.\n\n - An error in Windows which could allow an attacker to bypass Device Guard.\n\n - Windows Graphics Device Interface (GDI) improperly handles objects in the\n memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n - Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - Windows improperly discloses file information.\n\n - Windows Defender Firewall incorrectly applies firewall profiles to\n cellular network connections.\n\n - Scripting engine handles objects in memory in Microsoft Edge.\n\n - Windows GDI component improperly discloses the contents of its memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Microsoft browsers improperly handles specific redirects.\n\n - The scripting engine does not properly handle objects in memory in\n Microsoft Edge.\n\n - The storage Service improperly handles file operations.\n\n - Windows Jet Database Engine improperly handles objects in memory.\n\n - Internet Explorer improperly handles objects in memory.\n\n - Windows Server DHCP service improperly validate specially crafted\n packets to a DHCP server.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - The Human Interface Devices (HID) component improperly handles objects\n in memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - The win32k component improperly provides kernel information.\n\n - Microsoft Edge improperly handles whitelisting.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute code on the target server, gain elevated privileges on the victim\n system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487017\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17134.0\", test_version2:\"11.0.17134.589\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17134.0 - 11.0.17134.589\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:19", "description": "This host is missing a critical security\n update according to Microsoft KB4486996", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4486996)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0637", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0640", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0657", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0644", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0613", "CVE-2019-0634", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0610", "CVE-2019-0596", "CVE-2019-0607", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0641", "CVE-2019-0621", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0658", "CVE-2019-0633", "CVE-2019-0649", "CVE-2019-0623", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814910", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814910", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814910\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0555\", \"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\",\n \"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0607\", \"CVE-2019-0610\",\n \"CVE-2019-0613\", \"CVE-2019-0615\", \"CVE-2019-0616\", \"CVE-2019-0618\",\n \"CVE-2019-0619\", \"CVE-2019-0621\", \"CVE-2019-0623\", \"CVE-2019-0625\",\n \"CVE-2019-0626\", \"CVE-2019-0627\", \"CVE-2019-0628\", \"CVE-2019-0630\",\n \"CVE-2019-0631\", \"CVE-2019-0632\", \"CVE-2019-0633\", \"CVE-2019-0634\",\n \"CVE-2019-0635\", \"CVE-2019-0636\", \"CVE-2019-0637\", \"CVE-2019-0640\",\n \"CVE-2019-0641\", \"CVE-2019-0642\", \"CVE-2019-0644\", \"CVE-2019-0645\",\n \"CVE-2019-0649\", \"CVE-2019-0651\", \"CVE-2019-0652\", \"CVE-2019-0654\",\n \"CVE-2019-0655\", \"CVE-2019-0656\", \"CVE-2019-0657\", \"CVE-2019-0658\",\n \"CVE-2019-0659\", \"CVE-2019-0660\", \"CVE-2019-0662\", \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 13:39:27 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4486996)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4486996\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"For more information about the vulnerabilities\n refer Reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain elevated\n privileges on an affected system and execute arbitrary code in the context of\n the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4486996\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.966\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.966\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T16:27:12", "description": "This host is missing a critical security\n update according to Microsoft KB4487044", "cvss3": {}, "published": "2019-02-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4487044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0618", "CVE-2019-0637", "CVE-2019-0645", "CVE-2019-0628", "CVE-2019-0600", "CVE-2019-0640", "CVE-2019-0590", "CVE-2019-0595", "CVE-2019-0656", "CVE-2019-0660", "CVE-2019-0642", "CVE-2019-0597", "CVE-2019-0651", "CVE-2019-0602", "CVE-2019-0606", "CVE-2019-0605", "CVE-2019-0654", "CVE-2019-0659", "CVE-2019-0644", "CVE-2019-0627", "CVE-2019-0616", "CVE-2019-0634", "CVE-2019-0626", "CVE-2019-0619", "CVE-2019-0648", "CVE-2019-0662", "CVE-2019-0598", "CVE-2019-0643", "CVE-2019-0652", "CVE-2019-0631", "CVE-2019-0610", "CVE-2019-0596", "CVE-2019-0607", "CVE-2019-0599", "CVE-2019-0625", "CVE-2019-0655", "CVE-2019-0632", "CVE-2019-0641", "CVE-2019-0621", "CVE-2019-0650", "CVE-2019-0601", "CVE-2019-0630", "CVE-2019-0636", "CVE-2019-0676", "CVE-2019-0555", "CVE-2019-0615", "CVE-2019-0658", "CVE-2019-0633", "CVE-2019-0649", "CVE-2019-0635", "CVE-2019-0591", "CVE-2019-0593"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310814911", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814911", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814911\");\n script_version(\"2020-06-04T09:02:37+0000\");\n script_cve_id(\"CVE-2019-0555\", \"CVE-2019-0590\", \"CVE-2019-0591\", \"CVE-2019-0593\",\n \"CVE-2019-0595\", \"CVE-2019-0596\", \"CVE-2019-0597\", \"CVE-2019-0598\",\n \"CVE-2019-0599\", \"CVE-2019-0600\", \"CVE-2019-0601\", \"CVE-2019-0602\",\n \"CVE-2019-0605\", \"CVE-2019-0606\", \"CVE-2019-0607\", \"CVE-2019-0610\",\n \"CVE-2019-0615\", \"CVE-2019-0616\", \"CVE-2019-0618\", \"CVE-2019-0619\",\n \"CVE-2019-0621\", \"CVE-2019-0625\", \"CVE-2019-0626\", \"CVE-2019-0627\",\n \"CVE-2019-0628\", \"CVE-2019-0630\", \"CVE-2019-0631\", \"CVE-2019-0632\",\n \"CVE-2019-0633\", \"CVE-2019-0634\", \"CVE-2019-0635\", \"CVE-2019-0636\",\n \"CVE-2019-0637\", \"CVE-2019-0640\", \"CVE-2019-0641\", \"CVE-2019-0642\",\n \"CVE-2019-0643\", \"CVE-2019-0644\", \"CVE-2019-0645\", \"CVE-2019-0648\",\n \"CVE-2019-0649\", \"CVE-2019-0650\", \"CVE-2019-0651\", \"CVE-2019-0652\",\n \"CVE-2019-0654\", \"CVE-2019-0655\", \"CVE-2019-0656\", \"CVE-2019-0658\",\n \"CVE-2019-0659\", \"CVE-2019-0660\", \"CVE-2019-0662\", \"CVE-2019-0676\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 09:02:37 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-13 13:57:04 +0530 (Wed, 13 Feb 2019)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4487044)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4487044\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\n the target host.\");\n\n script_tag(name:\"insight\", value:\"For more information about the vulnerabilities\n refer Reference links\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, gain the same\n user rights as the current user and execute arbitrary code in the context of the\n current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1809 for 32-bit/x64 Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4487044\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.17763.0\", test_version2:\"11.0.17763.315\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.17763.0 - 11.0.17763.315\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:51:43", "description": "### *Detect date*:\n02/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 \nWindows 10 for 32-bit Systems \nWindows Server, version 1803 (Server Core Installation) \nMicrosoft Office 2019 for 64-bit editions \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nOffice 365 ProPlus for 64-bit Systems \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1803 for ARM64-based Systems \nOffice 365 ProPlus for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nMicrosoft Office 2016 (32-bit edition) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nMicrosoft Office 2019 for 32-bit editions \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1809 for x64-based Systems \nMicrosoft Office 2016 (64-bit edition) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nWindows Server 2012 R2 \nWindows 10 Version 1803 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0630](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0630>) \n[CVE-2019-0618](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0618>) \n[CVE-2019-0619](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0619>) \n[CVE-2019-0635](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0635>) \n[CVE-2019-0636](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0636>) \n[CVE-2019-0674](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0674>) \n[CVE-2019-0616](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0616>) \n[CVE-2019-0671](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0671>) \n[CVE-2019-0615](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0615>) \n[CVE-2019-0599](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0599>) \n[CVE-2019-0598](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0598>) \n[CVE-2019-0595](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0595>) \n[CVE-2019-0597](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0597>) \n[CVE-2019-0596](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0596>) \n[CVE-2019-0626](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0626>) \n[CVE-2019-0625](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0625>) \n[CVE-2019-0623](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0623>) \n[CVE-2019-0621](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0621>) \n[CVE-2019-0601](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0601>) \n[CVE-2019-0600](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0600>) \n[CVE-2019-0602](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0602>) \n[CVE-2019-0628](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0628>) \n[CVE-2019-0663](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0663>) \n[CVE-2019-0662](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0662>) \n[CVE-2019-0661](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0661>) \n[CVE-2019-0660](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0660>) \n[CVE-2019-0664](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0664>) \n[CVE-2019-0673](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0673>) \n[ADV190006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2019-0673](<https://vulners.com/cve/CVE-2019-0673>)9.3Critical \n[CVE-2019-0674](<https://vulners.com/cve/CVE-2019-0674>)9.3Critical \n[CVE-2019-0671](<https://vulners.com/cve/CVE-2019-0671>)9.3Critical \n[CVE-2019-0636](<https://vulners.com/cve/CVE-2019-0636>)2.1Warning \n[CVE-2019-0623](<https://vulners.com/cve/CVE-2019-0623>)7.2High \n[CVE-2019-0661](<https://vulners.com/cve/CVE-2019-0661>)2.1Warning \n[CVE-2019-0599](<https://vulners.com/cve/CVE-2019-0599>)9.3Critical \n[CVE-2019-0595](<https://vulners.com/cve/CVE-2019-0595>)9.3Critical \n[CVE-2019-0664](<https://vulners.com/cve/CVE-2019-0664>)4.3Warning \n[CVE-2019-0615](<https://vulners.com/cve/CVE-2019-0615>)4.3Warning \n[CVE-2019-0600](<https://vulners.com/cve/CVE-2019-0600>)1.9Warning \n[CVE-2019-0619](<https://vulners.com/cve/CVE-2019-0619>)4.3Warning \n[CVE-2019-0660](<https://vulners.com/cve/CVE-2019-0660>)4.3Warning \n[CVE-2019-0616](<https://vulners.com/cve/CVE-2019-0616>)4.3Warning \n[CVE-2019-0626](<https://vulners.com/cve/CVE-2019-0626>)7.5Critical \n[CVE-2019-0618](<https://vulners.com/cve/CVE-2019-0618>)9.3Critical \n[CVE-2019-0625](<https://vulners.com/cve/CVE-2019-0625>)9.3Critical \n[CVE-2019-0628](<https://vulners.com/cve/CVE-2019-0628>)2.1Warning \n[CVE-2019-0602](<https://vulners.com/cve/CVE-2019-0602>)4.3Warning \n[CVE-2019-0601](<https://vulners.com/cve/CVE-2019-0601>)1.9Warning \n[CVE-2019-0621](<https://vulners.com/cve/CVE-2019-0621>)2.1Warning \n[CVE-2019-0635](<https://vulners.com/cve/CVE-2019-0635>)5.5High \n[CVE-2019-0597](<https://vulners.com/cve/CVE-2019-0597>)9.3Critical \n[CVE-2019-0596](<https://vulners.com/cve/CVE-2019-0596>)9.3Critical \n[CVE-2019-0630](<https://vulners.com/cve/CVE-2019-0630>)9.0Critical \n[CVE-2019-0598](<https://vulners.com/cve/CVE-2019-0598>)9.3Critical \n[CVE-2019-0662](<https://vulners.com/cve/CVE-2019-0662>)9.3Critical \n[CVE-2019-0663](<https://vulners.com/cve/CVE-2019-0663>)2.1Warning\n\n### *KB list*:\n[4486563](<http://support.microsoft.com/kb/4486563>) \n[4487023](<http://support.microsoft.com/kb/4487023>) \n[4486564](<http://support.microsoft.com/kb/4486564>) \n[4487019](<http://support.microsoft.com/kb/4487019>) \n[4489878](<http://support.microsoft.com/kb/4489878>) \n[4489885](<http://support.microsoft.com/kb/4489885>) \n[4489880](<http://support.microsoft.com/kb/4489880>) \n[4489876](<http://support.microsoft.com/kb/4489876>) \n[4493472](<http://support.microsoft.com/kb/4493472>) \n[4493471](<http://support.microsoft.com/kb/4493471>) \n[4493458](<http://support.microsoft.com/kb/4493458>) \n[4493448](<http://support.microsoft.com/kb/4493448>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "kaspersky", "title": "KLA11879 Multiple vulnerabiltiies in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0671", "CVE-2019-0673", "CVE-2019-0674"], "modified": "2020-07-22T00:00:00", "id": "KLA11879", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11879/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T15:59:53", "description": "### *Detect date*:\n02/12/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions.\n\n### *Affected products*:\nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1709 for 64-based Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server 2016 (Server Core installation) \nWindows Server 2019 \nWindows Server 2019 (Server Core installation) \nWindows Server, version 1709 (Server Core Installation) \nWindows Server, version 1803 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-0636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0636>) \n[CVE-2019-0623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623>) \n[CVE-2019-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0661>) \n[CVE-2019-0599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0599>) \n[CVE-2019-0595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0595>) \n[CVE-2019-0664](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0664>) \n[CVE-2019-0615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0615>) \n[CVE-2019-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0659>) \n[CVE-2019-0600](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0600>) \n[CVE-2019-0619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0619>) \n[CVE-2019-0627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627>) \n[CVE-2019-0631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631>) \n[CVE-2019-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0660>) \n[CVE-2019-0616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0616>) \n[CVE-2019-0656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0656>) \n[CVE-2019-0626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626>) \n[CVE-2019-0633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633>) \n[CVE-2019-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0618>) \n[CVE-2019-0625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625>) \n[CVE-2019-0628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0628>) \n[CVE-2019-0602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602>) \n[CVE-2019-0601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0601>) \n[CVE-2019-0637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0637>) \n[CVE-2019-0621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0621>) \n[CVE-2019-0635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0635>) \n[CVE-2019-0597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0597>) \n[CVE-2019-0596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0596>) \n[CVE-2019-0632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632>) \n[CVE-2019-0630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630>) \n[CVE-2019-0598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0598>) \n[CVE-2019-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662>) \n[ADV190006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190006>) \n[CVE-2019-0663](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0663>) \n[CVE-2019-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673>) \n[CVE-2019-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0671>) \n[CVE-2019-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0674>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2019-0673](<https://vulners.com/cve/CVE-2019-0673>)9.3Critical \n[CVE-2019-0674](<https://vulners.com/cve/CVE-2019-0674>)9.3Critical \n[CVE-2019-0671](<https://vulners.com/cve/CVE-2019-0671>)9.3Critical \n[CVE-2019-0636](<https://vulners.com/cve/CVE-2019-0636>)2.1Warning \n[CVE-2019-0623](<https://vulners.com/cve/CVE-2019-0623>)7.2High \n[CVE-2019-0661](<https://vulners.com/cve/CVE-2019-0661>)2.1Warning \n[CVE-2019-0599](<https://vulners.com/cve/CVE-2019-0599>)9.3Critical \n[CVE-2019-0595](<https://vulners.com/cve/CVE-2019-0595>)9.3Critical \n[CVE-2019-0664](<https://vulners.com/cve/CVE-2019-0664>)4.3Warning \n[CVE-2019-0615](<https://vulners.com/cve/CVE-2019-0615>)4.3Warning \n[CVE-2019-0659](<https://vulners.com/cve/CVE-2019-0659>)4.4Warning \n[CVE-2019-0600](<https://vulners.com/cve/CVE-2019-0600>)1.9Warning \n[CVE-2019-0619](<https://vulners.com/cve/CVE-2019-0619>)4.3Warning \n[CVE-2019-0627](<https://vulners.com/cve/CVE-2019-0627>)4.6Warning \n[CVE-2019-0631](<https://vulners.com/cve/CVE-2019-0631>)4.6Warning \n[CVE-2019-0660](<https://vulners.com/cve/CVE-2019-0660>)4.3Warning \n[CVE-2019-0616](<https://vulners.com/cve/CVE-2019-0616>)4.3Warning \n[CVE-2019-0656](<https://vulners.com/cve/CVE-2019-0656>)6.9High \n[CVE-2019-0626](<https://vulners.com/cve/CVE-2019-0626>)7.5Critical \n[CVE-2019-0633](<https://vulners.com/cve/CVE-2019-0633>)9.0Critical \n[CVE-2019-0618](<https://vulners.com/cve/CVE-2019-0618>)9.3Critical \n[CVE-2019-0625](<https://vulners.com/cve/CVE-2019-0625>)9.3Critical \n[CVE-2019-0628](<https://vulners.com/cve/CVE-2019-0628>)2.1Warning \n[CVE-2019-0602](<https://vulners.com/cve/CVE-2019-0602>)4.3Warning \n[CVE-2019-0601](<https://vulners.com/cve/CVE-2019-0601>)1.9Warning \n[CVE-2019-0637](<https://vulners.com/cve/CVE-2019-0637>)5.0Critical \n[CVE-2019-0621](<https://vulners.com/cve/CVE-2019-0621>)2.1Warning \n[CVE-2019-0635](<https://vulners.com/cve/CVE-2019-0635>)5.5High \n[CVE-2019-0597](<https://vulners.com/cve/CVE-2019-0597>)9.3Critical \n[CVE-2019-0596](<https://vulners.com/cve/CVE-2019-0596>)9.3Critical \n[CVE-2019-0632](<https://vulners.com/cve/CVE-2019-0632>)4.6Warning \n[CVE-2019-0630](<https://vulners.com/cve/CVE-2019-0630>)9.0Critical \n[CVE-2019-0598](<https://vulners.com/cve/CVE-2019-0598>)9.3Critical \n[CVE-2019-0662](<https://vulners.com/cve/CVE-2019-0662>)9.3Critical \n[CVE-2019-0663](<https://vulners.com/cve/CVE-2019-0663>)2.1Warning\n\n### *KB list*:\n[4487020](<http://support.microsoft.com/kb/4487020>) \n[4487017](<http://support.microsoft.com/kb/4487017>) \n[4486996](<http://support.microsoft.com/kb/4486996>) \n[4487026](<http://support.microsoft.com/kb/4487026>) \n[4487025](<http://support.microsoft.com/kb/4487025>) \n[4487044](<http://support.microsoft.com/kb/4487044>) \n[4487018](<http://support.microsoft.com/kb/4487018>) \n[4487028](<http://support.microsoft.com/kb/4487028>) \n[4487000](<http://support.microsoft.com/kb/4487000>) \n[4486993](<http://support.microsoft.com/kb/4486993>) \n[4489881](<http://support.microsoft.com/kb/4489881>) \n[4489891](<http://support.microsoft.com/kb/4489891>) \n[4489883](<http://support.microsoft.com/kb/4489883>) \n[4489886](<http://support.microsoft.com/kb/4489886>) \n[4489899](<http://support.microsoft.com/kb/4489899>) \n[4489871](<http://support.microsoft.com/kb/4489871>) \n[4489868](<http://support.microsoft.com/kb/4489868>) \n[4489872](<http://support.microsoft.com/kb/4489872>) \n[4489884](<http://support.microsoft.com/kb/4489884>) \n[4489882](<http://support.microsoft.com/kb/4489882>) \n[4493441](<http://support.microsoft.com/kb/4493441>) \n[4493474](<http://support.microsoft.com/kb/4493474>) \n[4493464](<http://support.microsoft.com/kb/4493464>) \n[4493509](<http://support.microsoft.com/kb/4493509>) \n[4493470](<http://support.microsoft.com/kb/4493470>) \n[4493475](<http://support.microsoft.com/kb/4493475>) \n[4493451](<http://support.microsoft.com/kb/4493451>) \n[4493467](<http://support.microsoft.com/kb/4493467>) \n[4493446](<http://support.microsoft.com/kb/4493446>) \n[4493450](<http://support.microsoft.com/kb/4493450>)\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-12T00:00:00", "type": "kaspersky", "title": "KLA11418 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0621", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0656", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0663", "CVE-2019-0664", "CVE-2019-0671", "CVE-2019-0673", "CVE-2019-0674"], "modified": "2020-07-22T00:00:00", "id": "KLA11418", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11418/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-03-07T08:34:06", "description": "[](<http://2.bp.blogspot.com/-C9ApwGTNu7M/XGLvRFSNSsI/AAAAAAAAFT4/OR6BvUFDD30mBvNZE70PUde_GycCBeNlACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated \u201ccritical,\u201d 46 that are considered \u201cimportant\u201d and three that are \u201cmoderate.\u201d This release also includes a critical security advisory regarding a security update to Adobe Flash Player \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Chakra Scripting Engine and the Internet Explorer and Exchange web browsers. For coverage of these vulnerabilities, read the SNORT\u24c7 blog post [here](<https://blog.snort.org/2019/02/snort-rule-update-for-feb-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 20 critical vulnerabilities this month, 12 of which we will highlight below. \n \n[CVE-2019-0590](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0590>), [CVE-2019-0591](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0591>), [CVE-2019-0593](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0593>), [CVE-2019-0640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0640>), [CVE-2019-0642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0642>), [CVE-2019-0644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0644>), [CVE-2019-0651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0651>), [CVE-2019-0652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0652>) and [CVE-2019-0655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0655>) are all memory corruption vulnerabilities in Microsoft scripting engine. The bugs all lie in the way the engine processes objects in memory in the Microsoft Edge web browser. An attacker could exploit this vulnerability to corrupt the machine\u2019s memory, eventually allowing them to execute code remotely in the context of the current users. A user could trigger this bug by either visiting a malicious web page while using Edge, or by accessing specially crafted content created by the attacker. \n \n[CVE-2019-0606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0606>) is a memory corruption vulnerability in Microsoft Internet Explorer. The problem lies in the way the web browser accesses objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a specially crafted website or user-created content in Internet Explorer. Once triggered, the attacker could gain the ability to execute code remotely in the context of the current user. \n \n[CVE-2019-0645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0645>) and [CVE-2019-0650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0650>) are memory corruption vulnerabilities that exist in Microsoft Edge when the web browser fails to properly handle objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a maliciously crafted website in Edge, or clicking on specially crafted content. An attacker could use this bug to gain the ability to execute arbitrary code in the context of the current user. \n \nThese are the other critical vulnerabilities: \n \n\n\n * [CVE-2019-0594](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594>)\n * [CVE-2019-0604](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604>)\n * [CVE-2019-0605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0605>)\n * [CVE-2019-0607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0607>)\n * [CVE-2019-0618](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0618>)\n * [CVE-2019-0626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626>)\n * [CVE-2019-0634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0634>)\n * [CVE-2019-0662](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0662>)\n \n\n\n### Important vulnerabilities\n\nThis release also contains 46 important vulnerabilities: \n \n\n\n * [CVE-2019-0540](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0540>)\n * [CVE-2019-0595](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0595>)\n * [CVE-2019-0596](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0596>)\n * [CVE-2019-0597](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0597>)\n * [CVE-2019-0598](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0598>)\n * [CVE-2019-0599](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0599>)\n * [CVE-2019-0600](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0600>)\n * [CVE-2019-0601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0601>)\n * [CVE-2019-0602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0602>)\n * [CVE-2019-0610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0610>)\n * [CVE-2019-0613](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0613>)\n * [CVE-2019-0615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0615>)\n * [CVE-2019-0616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0616>)\n * [CVE-2019-0619](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0619>)\n * [CVE-2019-0623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623>)\n * [CVE-2019-0625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0625>)\n * [CVE-2019-0627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0627>)\n * [CVE-2019-0628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0628>)\n * [CVE-2019-0630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0630>)\n * [CVE-2019-0631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0631>)\n * [CVE-2019-0632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0632>)\n * [CVE-2019-0633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0633>)\n * [CVE-2019-0635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0635>)\n * [CVE-2019-0636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0636>)\n * [CVE-2019-0637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0637>)\n * [CVE-2019-0648](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0648>)\n * [CVE-2019-0649](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649>)\n * [CVE-2019-0654](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0654>)\n * [CVE-2019-0656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0656>)\n * [CVE-2019-0657](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657>)\n * [CVE-2019-0658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658>)\n * [CVE-2019-0659](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0659>)\n * [CVE-2019-0660](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0660>)\n * [CVE-2019-0661](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0661>)\n * [CVE-2019-0664](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0664>)\n * [CVE-2019-0668](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0668>)\n * [CVE-2019-0671](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0671>)\n * [CVE-2019-0672](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0672>)\n * [CVE-2019-0673](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0673>)\n * [CVE-2019-0674](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0674>)\n * [CVE-2019-0675](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0675>)\n * [CVE-2019-0676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676>)\n * [CVE-2019-0686](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686>)\n * [CVE-2019-0728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0728>)\n\n### Moderate\n\nThere were also three moderate vulnerabilities in this release: [CVE-2019-0641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0641>), [CVE-2019-0643](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0643>) and [CVE-2019-0670](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670>). \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: [49128 - 49170](<https://snort.org/advisories/talos-rules-2019-02-12>) \n\n\n \n\n\n", "cvss3": {}, "published": "2019-02-12T11:55:00", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 February 2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2019-0540", "CVE-2019-0590", "CVE-2019-0591", "CVE-2019-0593", "CVE-2019-0594", "CVE-2019-0595", "CVE-2019-0596", "CVE-2019-0597", "CVE-2019-0598", "CVE-2019-0599", "CVE-2019-0600", "CVE-2019-0601", "CVE-2019-0602", "CVE-2019-0604", "CVE-2019-0605", "CVE-2019-0606", "CVE-2019-0607", "CVE-2019-0610", "CVE-2019-0613", "CVE-2019-0615", "CVE-2019-0616", "CVE-2019-0618", "CVE-2019-0619", "CVE-2019-0623", "CVE-2019-0625", "CVE-2019-0626", "CVE-2019-0627", "CVE-2019-0628", "CVE-2019-0630", "CVE-2019-0631", "CVE-2019-0632", "CVE-2019-0633", "CVE-2019-0634", "CVE-2019-0635", "CVE-2019-0636", "CVE-2019-0637", "CVE-2019-0640", "CVE-2019-0641", "CVE-2019-0642", "CVE-2019-0643", "CVE-2019-0644", "CVE-2019-0645", "CVE-2019-0648", "CVE-2019-0649", "CVE-2019-0650", "CVE-2019-0651", "CVE-2019-0652", "CVE-2019-0654", "CVE-2019-0655", "CVE-2019-0656", "CVE-2019-0657", "CVE-2019-0658", "CVE-2019-0659", "CVE-2019-0660", "CVE-2019-0661", "CVE-2019-0662", "CVE-2019-0664", "CVE-2019-0668", "CVE-2019-0670", "CVE-2019-0671", "CVE-2019-0672", "CVE-2019-0673", "CVE-2019-0674", "CVE-2019-0675", "CVE-2019-0676", "CVE-2019-0686", "CVE-2019-0728"], "modified": "2019-02-12T19:55:00", "id": "TALOSBLOG:AB5E63755953149993334997F5123794", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/YjaBeKVxw9M/microsoft-patch-tuesday-february-2019.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
Microsoft Windows gdiplus bHandleExtCreateFont Out-Of-Bounds Read Information Disclosure Vulnerability
