LanGuard reports



Supported OVAL Bulletins


More information on 2020 updates



ID:
CISEC:6739
Title:
oval:org.cisecurity:def:6739: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6739
CVE-2019-1389
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6740
Title:
oval:org.cisecurity:def:6740: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6740
CVE-2019-1423
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the StartTileData.dll properly handles this type of function.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6741
Title:
oval:org.cisecurity:def:6741: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6741
CVE-2019-1385
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6742
Title:
oval:org.cisecurity:def:6742: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6742
CVE-2018-12207
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6743
Title:
oval:org.cisecurity:def:6743: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6743
CVE-2019-1398
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6744
Title:
oval:org.cisecurity:def:6744: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6744
CVE-2019-1394
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6745
Title:
oval:org.cisecurity:def:6745: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6745
CVE-2019-1383
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6746
Title:
oval:org.cisecurity:def:6746: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6746
CVE-2019-1438
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6747
Title:
oval:org.cisecurity:def:6747: Win32k Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6747
CVE-2019-1441
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6748
Title:
oval:org.cisecurity:def:6748: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6748
CVE-2019-1422
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the iphlpsvc.dll properly handles this type of functionality.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6749
Title:
oval:org.cisecurity:def:6749: OpenType Font Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6749
CVE-2019-1456
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6750
Title:
oval:org.cisecurity:def:6750: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6750
CVE-2019-0712
Severity:
Low
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6751
Title:
oval:org.cisecurity:def:6751: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6751
CVE-2019-0719
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6752
Title:
oval:org.cisecurity:def:6752: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6752
CVE-2019-1440
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6753
Title:
oval:org.cisecurity:def:6753: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6753
CVE-2019-1396
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6754
Title:
oval:org.cisecurity:def:6754: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6754
CVE-2019-1436
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6755
Title:
oval:org.cisecurity:def:6755: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6755
CVE-2019-1435
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6756
Title:
oval:org.cisecurity:def:6756: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6756
CVE-2019-1437
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6757
Title:
oval:org.cisecurity:def:6757: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6757
CVE-2019-1417
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6758
Title:
oval:org.cisecurity:def:6758: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6758
CVE-2019-1392
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6759
Title:
oval:org.cisecurity:def:6759: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6759
CVE-2019-1420
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dssvc.dll properly handles this type of functionality.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6760
Title:
oval:org.cisecurity:def:6760: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6760
CVE-2019-11135
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6761
Title:
oval:org.cisecurity:def:6761: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6761
CVE-2019-1393
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6762
Title:
oval:org.cisecurity:def:6762: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6762
CVE-2019-1408
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6763
Title:
oval:org.cisecurity:def:6763: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6763
CVE-2019-1415
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an attacker could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the way Windows Installer handles certain filesystem operations.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6764
Title:
oval:org.cisecurity:def:6764: Windows Error Reporting Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6764
CVE-2019-1374
Severity:
Low
Description:
An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or convince a target to run a crafted application. The security update addresses the vulnerability by correcting the way WER handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6765
Title:
oval:org.cisecurity:def:6765: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6765
CVE-2019-1432
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6766
Title:
oval:org.cisecurity:def:6766: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6766
CVE-2019-1411
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6767
Title:
oval:org.cisecurity:def:6767: Windows User Profile Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6767
CVE-2019-1454
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6768
Title:
oval:org.cisecurity:def:6768: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6768
CVE-2019-1391
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6769
Title:
oval:org.cisecurity:def:6769: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6769
CVE-2019-1395
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6770
Title:
oval:org.cisecurity:def:6770: Windows UPnP Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6770
CVE-2019-1405
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows UPnP service accesses COM objects.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6771
Title:
oval:org.cisecurity:def:6771: OpenType Font Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6771
CVE-2019-1412
Severity:
Low
Description:
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6772
Title:
oval:org.cisecurity:def:6772: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6772
CVE-2019-1397
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6773
Title:
oval:org.cisecurity:def:6773: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6773
CVE-2019-1433
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6774
Title:
oval:org.cisecurity:def:6774: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6774
CVE-2019-1430
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker must send a specially crafted QuickTime file to a user and convince them to open it. When opened, the malicious QuickTime file will execute code of the attacker’s choice on the target system. The security update addresses the vulnerability by ensuring Windows Media Foundation properly parses QuickTime media files.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6775
Title:
oval:org.cisecurity:def:6775: Microsoft Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6775
CVE-2019-1381
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. To exploit this vulnerability, an authenticated attacker could run a specially crafted application in user mode. The update addresses the vulnerability by checking file paths for symbolic links.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6776
Title:
oval:org.cisecurity:def:6776: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6776
CVE-2019-1406
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6777
Title:
oval:org.cisecurity:def:6777: Windows Certificate Dialog Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6777
CVE-2019-1388
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by ensuring Windows Certificate Dialog properly enforces user privileges.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6778
Title:
oval:org.cisecurity:def:6778: Windows TCP/IP Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6778
CVE-2019-1324
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to send specially crafted IPv6 packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how Windows handles IPv6 flowlabel data in packets.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6779
Title:
oval:org.cisecurity:def:6779: Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6779
CVE-2019-1382
Severity:
Low
Description:
An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. To exploit this vulnerability, an authenticated attacker could run a specially crafted application on the victim system. The update addresses the vulnerability by validating file permissions before accessing them.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6780
Title:
oval:org.cisecurity:def:6780: Windows Remote Procedure Call Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6780
CVE-2019-1409
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. The update addresses the vulnerability by correcting how the Remote Procedure Call runtime initializes objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6781
Title:
oval:org.cisecurity:def:6781: Windows Modules Installer Service Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6781
CVE-2019-1418
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application. The update addresses the vulnerability by changing the way Windows Modules Installer Service discloses file information.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6782
Title:
oval:org.cisecurity:def:6782: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6782
CVE-2019-1379
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6783
Title:
oval:org.cisecurity:def:6783: Microsoft splwow64 Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6783
CVE-2019-1380
Severity:
Low
Description:
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6784
Title:
oval:org.cisecurity:def:6784: OpenType Font Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6784
CVE-2019-1419
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6785
Title:
oval:org.cisecurity:def:6785: NetLogon Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6785
CVE-2019-1424
Severity:
Low
Description:
A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection, allowing for further modification of the transmission. To exploit the vulnerability, an attacker would require an active man-in-the-middle attack to be in place for the targeted traffic. The update addresses the vulnerability by modifying how Netlogon handles these connections, accounting for potential attack through a man in the middle.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6786
Title:
oval:org.cisecurity:def:6786: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6786
CVE-2019-1399
Severity:
Low
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6787
Title:
oval:org.cisecurity:def:6787: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6787
CVE-2019-0721
Severity:
Low
Description:
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6788
Title:
oval:org.cisecurity:def:6788: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6788
CVE-2019-1416
Severity:
Low
Description:
An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6789
Title:
oval:org.cisecurity:def:6789: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6789
CVE-2019-1407
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6790
Title:
oval:org.cisecurity:def:6790: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6790
CVE-2019-1434
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6791
Title:
oval:org.cisecurity:def:6791: Microsoft Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6791
CVE-2019-1384
Severity:
Low
Description:
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6792
Title:
oval:org.cisecurity:def:6792: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6792
CVE-2019-1439
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6793
Title:
oval:org.cisecurity:def:6793: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6793
CVE-2019-1310
Severity:
Low
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6794
Title:
oval:org.cisecurity:def:6794: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6794
CVE-2019-1309
Severity:
Low
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-20
Updated:
2020-08-13

ID:
CISEC:6810
Title:
oval:org.cisecurity:def:6810: Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier.
Type:
Software
Bulletins:
CISEC:6810
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a data leakage (sensitive) vulnerability (CVE-2019-7089); have an integer overflow vulnerability (CVE-2019-7030); have an out-of-bounds read vulnerability (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023, CVE-2019-7024, CVE-2019-7028, CVE-2019-7032, CVE-2019-7033, CVE-2019-7034, CVE-2019-7035, CVE-2019-7036, CVE-2019-7038, CVE-2019-7045, CVE-2019-7047, CVE-2019-7049, CVE-2019-7053, CVE-2019-7055, CVE-2019-7056, CVE-2019-7057, CVE-2019-7058, CVE-2019-7059, CVE-2019-7063, CVE-2019-7064, CVE-2019-7065, CVE-2019-7067, CVE-2019-7071, CVE-2019-7073, CVE-2019-7074, CVE-2019-7081). Successful exploitation could lead to information disclosure. Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a double free vulnerability (CVE-2019-7080); have a buffer errors vulnerability (CVE-2019-7020, CVE-2019-7085); have an out-of-bounds write vulnerability (CVE-2019-7019, CVE-2019-7027, CVE-2019-7037, CVE-2019-7039, CVE-2019-7052, CVE-2019-7060, CVE-2019-7079); have a type confusion vulnerability (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087); have an untrusted pointer dereference vulnerability (CVE-2019-7042, CVE-2019-7046, CVE-2019-7051, CVE-2019-7054, CVE-2019-7066, CVE-2019-7076); have a use after free vulnerability (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026, CVE-2019-7029, CVE-2019-7031, CVE-2019-7040, CVE-2019-7043, CVE-2019-7044, CVE-2019-7048, CVE-2019-7050, CVE-2019-7062, CVE-2019-7068, CVE-2019-7070, CVE-2019-7072, CVE-2019-7075, CVE-2019-7077, CVE-2019-7078, CVE-2019-7082, CVE-2019-7083, CVE-2019-7084). Successful exploitation could lead to arbitrary code execution.
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability (CVE-2018-19725). Successful exploitation could lead to privilege escalation. Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability (CVE-2019-7041)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2019-12-20
Updated:
2019-12-20

ID:
CISEC:6812
Title:
oval:org.cisecurity:def:6812: Multiple vulnerabilities on Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497...
Type:
Software
Bulletins:
CISEC:6812
Severity:
Low
Description:
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability (CVE-2019-8060); have a buffer error vulnerability (CVE-2019-8048); have a double free vulnerability (CVE-2019-8044); have an internal IP disclosure vulnerability (CVE-2019-8097); have a type confusion vulnerability (CVE-2019-8019); have an out-of-bounds read vulnerability (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052); have an out-of-bounds write vulnerability (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027); have a use after free vulnerability (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061); have a heap overflow vulnerability (CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050); have an integer overflow vulnerability (CVE-2019-8099, CVE-2019-8101); have an untrusted pointer dereference vulnerability (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045). Successful exploitation could lead to arbitrary code execution.
Adobe Acrobat and Reader versions, 2019.012.20034 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, 2015.006.30498 and earlier versions have an Insufficiently Robust Encryption vulnerability (CVE-2019-8237). Successful exploitation could lead to Security feature bypass in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2019-12-20
Updated:
2019-12-20

ID:
CISEC:6814
Title:
oval:org.cisecurity:def:6814: Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier.
Type:
Software
Bulletins:
CISEC:6814
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability (CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, and CVE-2019-7127). Successful exploitation could lead to information disclosure. Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability (CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, and CVE-2019-7124); have a type confusion vulnerability (CVE-2019-7117 and CVE-2019-7128); have a use after free vulnerability (CVE-2019-7088 and CVE-2019-7112); have a heap overflow vulnerability (CVE-2019-7113 and CVE-2019-7125). Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2019-12-20
Updated:
2019-12-20

ID:
CISEC:6815
Title:
oval:org.cisecurity:def:6815: Multiple vulnerabilities on Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and...
Type:
Software
Bulletins:
CISEC:6815
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a type confusion vulnerability (CVE-2019-7820), have a buffer error vulnerability (CVE-2019-7824), have a double free vulnerability (CVE-2019-7784), have a security bypass vulnerability (CVE-2019-7779), have an out-of-bounds write vulnerability (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7800, CVE-2019-7804), have a use after free vulnerability (CVE-2019-7834, CVE-2019-7833, CVE-2019-7831, CVE-2019-7830, CVE-2019-7821, CVE-2019-7817, CVE-2019-7814, CVE-2019-7809, CVE-2019-7808, CVE-2019-7807, CVE-2019-7806, CVE-2019-7805, CVE-2019-7796, CVE-2019-7792, CVE-2019-7791, CVE-2019-7788, CVE-2019-7786, CVE-2019-7785, CVE-2019-7783, CVE-2019-7782, CVE-2019-7781, CVE-2019-7772, CVE-2019-7768, CVE-2019-7767, CVE-2019-7766, CVE-2019-7765, CVE-2019-7763, CVE-2019-7762, CVE-2019-7761, CVE-2019-7760, CVE-2019-7759, CVE-2019-7823, CVE-2019-7797, CVE-2019-7835, CVE-2019-7764), have a heap overflow vulnerability (CVE-2019-7828, CVE-2019-7827, CVE-2019-7832). Successful exploitation could lead to arbitrary code execution. 
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds read vulnerability (CVE-2019-7841, CVE-2019-7836, CVE-2019-7826, CVE-2019-7813, CVE-2019-7812, CVE-2019-7811, CVE-2019-7810, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7798, CVE-2019-7795, CVE-2019-7794, CVE-2019-7793, CVE-2019-7790, CVE-2019-7789, CVE-2019-7778, CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7774, CVE-2019-7773, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7142, CVE-2019-7141, CVE-2019-7140, CVE-2019-7787, CVE-2019-7799, CVE-2019-7780, CVE-2019-7758). Successful exploitation could lead to information disclosure. Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier; 2017.011.30140 and earlier; 2017.011.30138 and earlier; 2015.006.30495 and earlier; and 2015.006.30493 and earlier have a Path Traversal vulnerability (CVE-2019-8238). Successful exploitation could lead to Information Disclosure in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2019-12-20
Updated:
2019-12-20

ID:
CISEC:6440
Title:
oval:org.cisecurity:def:6440: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6440
CVE-2019-0722
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6441
Title:
oval:org.cisecurity:def:6441: Remote Desktop Protocol Server Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6441
CVE-2019-1224
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6442
Title:
oval:org.cisecurity:def:6442: Windows DHCP Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6442
CVE-2019-1212
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6443
Title:
oval:org.cisecurity:def:6443: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6443
CVE-2019-0999
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6444
Title:
oval:org.cisecurity:def:6444: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6444
CVE-2019-1154
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6445
Title:
oval:org.cisecurity:def:6445: Windows Power Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6445
CVE-2019-1341
Severity:
Low
Description:
An elevation of privilege vulnerability exists when umpo.dll of the Power Service improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how umpo.dll of the Power Service handles Registry Restore Key requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6446
Title:
oval:org.cisecurity:def:6446: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6446
CVE-2019-1011
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6447
Title:
oval:org.cisecurity:def:6447: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6447
CVE-2019-0853
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6454
Title:
oval:org.cisecurity:def:6454: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6454
CVE-2019-1123
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6455
Title:
oval:org.cisecurity:def:6455: Windows NTLM Tampering Vulnerability
Type:
Software
Bulletins:
CISEC:6455
CVE-2019-1040
Severity:
Medium
Description:
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6456
Title:
oval:org.cisecurity:def:6456: Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6456
CVE-2019-1168
Severity:
High
Description:
An elevation of privilege vulnerability exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the p2pimsvc service handles these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6457
Title:
oval:org.cisecurity:def:6457: Windows DHCP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6457
CVE-2019-0725
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6458
Title:
oval:org.cisecurity:def:6458: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6458
CVE-2019-0714
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6459
Title:
oval:org.cisecurity:def:6459: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6459
CVE-2019-1018
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6460
Title:
oval:org.cisecurity:def:6460: HTTP/2 Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6460
CVE-2019-9518
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6461
Title:
oval:org.cisecurity:def:6461: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6461
CVE-2019-1132
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6428
Title:
oval:org.cisecurity:def:6428: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6428
CVE-2019-1169
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6429
Title:
oval:org.cisecurity:def:6429: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6429
CVE-2019-1178
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6430
Title:
oval:org.cisecurity:def:6430: HTTP/2 Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6430
CVE-2019-9511
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6431
Title:
oval:org.cisecurity:def:6431: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6431
CVE-2019-0730
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to LUAFV.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6432
Title:
oval:org.cisecurity:def:6432: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6432
CVE-2019-1186
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6433
Title:
oval:org.cisecurity:def:6433: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6433
CVE-2019-1157
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6434
Title:
oval:org.cisecurity:def:6434: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6434
CVE-2019-0851
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6435
Title:
oval:org.cisecurity:def:6435: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6435
CVE-2019-1226
Severity:
Low
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6436
Title:
oval:org.cisecurity:def:6436: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6436
CVE-2019-0710
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6437
Title:
oval:org.cisecurity:def:6437: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6437
CVE-2019-0906
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6438
Title:
oval:org.cisecurity:def:6438: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6438
CVE-2019-1027
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6439
Title:
oval:org.cisecurity:def:6439: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6439
CVE-2019-0620
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6448
Title:
oval:org.cisecurity:def:6448: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6448
CVE-2019-0899
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6449
Title:
oval:org.cisecurity:def:6449: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6449
CVE-2019-0900
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6450
Title:
oval:org.cisecurity:def:6450: Windows Storage Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6450
CVE-2019-0998
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Service handles file operations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6451
Title:
oval:org.cisecurity:def:6451: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6451
CVE-2019-0974
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6452
Title:
oval:org.cisecurity:def:6452: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6452
CVE-2019-1175
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6453
Title:
oval:org.cisecurity:def:6453: Microsoft Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6453
CVE-2019-1078
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6462
Title:
oval:org.cisecurity:def:6462: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6462
CVE-2019-1129
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6463
Title:
oval:org.cisecurity:def:6463: DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6463
CVE-2019-0837
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6464
Title:
oval:org.cisecurity:def:6464: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6464
CVE-2019-1214
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6465
Title:
oval:org.cisecurity:def:6465: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6465
CVE-2019-0895
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6466
Title:
oval:org.cisecurity:def:6466: Windows Shell Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6466
CVE-2019-1053
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system. The security update addresses the vulnerability by correctly validating folder shortcuts.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6467
Title:
oval:org.cisecurity:def:6467: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6467
CVE-2019-1252
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6468
Title:
oval:org.cisecurity:def:6468: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6468
CVE-2019-1173
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6469
Title:
oval:org.cisecurity:def:6469: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6469
CVE-2019-1060
Severity:
Low
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6470
Title:
oval:org.cisecurity:def:6470: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6470
CVE-2019-1125
Severity:
Low
Description:
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6471
Title:
oval:org.cisecurity:def:6471: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6471
CVE-2019-1277
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges when used in conjunction with another vulnerability. To exploit the vulnerability, an attacker could run a specially crafted application locally. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service handles these parameters.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6472
Title:
oval:org.cisecurity:def:6472: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6472
CVE-2019-1162
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6473
Title:
oval:org.cisecurity:def:6473: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6473
CVE-2019-0702
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6474
Title:
oval:org.cisecurity:def:6474: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6474
CVE-2019-1064
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6475
Title:
oval:org.cisecurity:def:6475: Windows File Signature Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6475
CVE-2019-1163
Severity:
Medium
Description:
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6476
Title:
oval:org.cisecurity:def:6476: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6476
CVE-2019-1046
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6477
Title:
oval:org.cisecurity:def:6477: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6477
CVE-2019-0732
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6478
Title:
oval:org.cisecurity:def:6478: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6478
CVE-2019-0696
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6479
Title:
oval:org.cisecurity:def:6479: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6479
CVE-2019-0889
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6480
Title:
oval:org.cisecurity:def:6480: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6480
CVE-2019-0717
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6481
Title:
oval:org.cisecurity:def:6481: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6481
CVE-2019-1286
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6482
Title:
oval:org.cisecurity:def:6482: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6482
CVE-2019-0909
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6483
Title:
oval:org.cisecurity:def:6483: ADFS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6483
CVE-2019-0975
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6484
Title:
oval:org.cisecurity:def:6484: Windows Error Reporting Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6484
CVE-2019-1315
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6485
Title:
oval:org.cisecurity:def:6485: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6485
CVE-2019-1180
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6486
Title:
oval:org.cisecurity:def:6486: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6486
CVE-2019-1143
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6487
Title:
oval:org.cisecurity:def:6487: Windows Imaging API Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6487
CVE-2019-1311
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted .WIM file. The update addresses the vulnerability by modifying how the WIM service handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6488
Title:
oval:org.cisecurity:def:6488: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6488
CVE-2019-1086
Severity:
Medium
Description:
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6489
Title:
oval:org.cisecurity:def:6489: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6489
CVE-2019-1230
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how the Windows Hyper-V Network Switch validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6490
Title:
oval:org.cisecurity:def:6490: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6490
CVE-2019-0754
Severity:
Medium
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6491
Title:
oval:org.cisecurity:def:6491: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6491
CVE-2019-1121
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6492
Title:
oval:org.cisecurity:def:6492: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6492
CVE-2019-1253
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6493
Title:
oval:org.cisecurity:def:6493: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6493
CVE-2019-0795
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6494
Title:
oval:org.cisecurity:def:6494: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6494
CVE-2019-0701
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6495
Title:
oval:org.cisecurity:def:6495: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6495
CVE-2019-1269
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6496
Title:
oval:org.cisecurity:def:6496: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6496
CVE-2019-0890
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6497
Title:
oval:org.cisecurity:def:6497: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6497
CVE-2019-1322
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6498
Title:
oval:org.cisecurity:def:6498: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6498
CVE-2019-0685
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6499
Title:
oval:org.cisecurity:def:6499: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6499
CVE-2019-1340
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Windows AppX Deployment Server to create files in arbitrary locations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6500
Title:
oval:org.cisecurity:def:6500: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6500
CVE-2019-0814
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6501
Title:
oval:org.cisecurity:def:6501: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6501
CVE-2019-1172
Severity:
Medium
Description:
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the user's token. The security update addresses the vulnerability by correcting how MSA handles cookies.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6502
Title:
oval:org.cisecurity:def:6502: Microsoft Windows Update Client Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6502
CVE-2019-1336
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by enabling the Windows Update client to properly handle user privileges.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6503
Title:
oval:org.cisecurity:def:6503: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6503
CVE-2019-1240
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6504
Title:
oval:org.cisecurity:def:6504: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6504
CVE-2019-0805
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to LUAFV.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6505
Title:
oval:org.cisecurity:def:6505: Windows WLAN Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6505
CVE-2019-1085
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wlansvc.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6506
Title:
oval:org.cisecurity:def:6506: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6506
CVE-2019-1022
Severity:
Medium
Description:
An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6507
Title:
oval:org.cisecurity:def:6507: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6507
CVE-2019-0904
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6508
Title:
oval:org.cisecurity:def:6508: LNK Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6508
CVE-2019-1280
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6510
Title:
oval:org.cisecurity:def:6510: Active Directory Federation Services XSS Vulnerability
Type:
Software
Bulletins:
CISEC:6510
CVE-2019-1273
Severity:
Low
Description:
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the ADFS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that ADFS error handling properly sanitizes error messages.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6511
Title:
oval:org.cisecurity:def:6511: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6511
CVE-2019-0849
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6512
Title:
oval:org.cisecurity:def:6512: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6512
CVE-2019-1182
Severity:
Low
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6513
Title:
oval:org.cisecurity:def:6513: Windows Transaction Manager Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6513
CVE-2019-1219
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application. The security update addresses the vulnerability by correcting how the Transaction Manager handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6514
Title:
oval:org.cisecurity:def:6514: HTTP/2 Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6514
CVE-2019-9514
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6515
Title:
oval:org.cisecurity:def:6515: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6515
CVE-2019-0690
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6516
Title:
oval:org.cisecurity:def:6516: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6516
CVE-2019-0693
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6517
Title:
oval:org.cisecurity:def:6517: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6517
CVE-2019-1254
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory. To exploit the vulnerability, an attacker would first require access to a Hyper-V host. The security update addresses the vulnerability by ensuring Hyper-V properly initializes memory before writing it to disk.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6518
Title:
oval:org.cisecurity:def:6518: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6518
CVE-2019-1096
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6380
Title:
oval:org.cisecurity:def:6380: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6380
CVE-2019-0898
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6381
Title:
oval:org.cisecurity:def:6381: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6381
CVE-2019-0973
Severity:
High
Description:
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6382
Title:
oval:org.cisecurity:def:6382: Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6382
CVE-2019-1267
Severity:
High
Description:
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by writing the file to a location with an appropriate Access Control List.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6383
Title:
oval:org.cisecurity:def:6383: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6383
CVE-2019-1009
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6384
Title:
oval:org.cisecurity:def:6384: Windows DHCP Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6384
CVE-2019-0736
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6385
Title:
oval:org.cisecurity:def:6385: Active Directory Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6385
CVE-2019-0683
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Active Directory forest. An attacker who successfully exploited this vulnerability could request delegation of a TGT for an identity from the trusted forest. This update addresses the vulnerability by ensuring new Active Directory Forest trusts disable TGT delegation by default. The update does not change existing TGT delegation configurations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6386
Title:
oval:org.cisecurity:def:6386: Microsoft Windows Transport Layer Security Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:6386
CVE-2019-1318
Severity:
Low
Description:
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS client and server establish and resume sessions with non-EMS peers.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6327
Title:
oval:org.cisecurity:def:6327: VBScript Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6327
CVE-2019-1239
Severity:
Low
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
Applies to:
Microsoft Internet Explorer 11
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6329
Title:
oval:org.cisecurity:def:6329: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:6329
CVE-2019-1371
Severity:
Low
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
Applies to:
Microsoft Internet Explorer 11
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6332
Title:
oval:org.cisecurity:def:6332: VBScript Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6332
CVE-2019-1238
Severity:
Low
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
Applies to:
Microsoft Internet Explorer 11
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6342
Title:
oval:org.cisecurity:def:6342: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6342
CVE-2019-0968
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6343
Title:
oval:org.cisecurity:def:6343: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6343
CVE-2019-0882
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6344
Title:
oval:org.cisecurity:def:6344: Unified Write Filter Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6344
CVE-2019-0942
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows 10 when it improperly restricts access to the registry. An attacker who successfully exploited the vulnerability could make changes to the registry keys protected by UWF without having administrator privileges. To exploit the vulnerability, an attacker would have to log on to an affected system utilizing UWF and access the registry editor. The security update addresses the vulnerability by correcting how the Unified Write Filter verifies privileges when accessing the registry.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6345
Title:
oval:org.cisecurity:def:6345: Microsoft IIS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6345
CVE-2019-0941
Severity:
Medium
Description:
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering. The update addresses the vulnerability by changing the way certain requests are processed by the filter.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6346
Title:
oval:org.cisecurity:def:6346: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6346
CVE-2019-1345
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6347
Title:
oval:org.cisecurity:def:6347: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6347
CVE-2019-0802
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6348
Title:
oval:org.cisecurity:def:6348: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6348
CVE-2019-1363
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI handles memory addresses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6349
Title:
oval:org.cisecurity:def:6349: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6349
CVE-2019-0767
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6350
Title:
oval:org.cisecurity:def:6350: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6350
CVE-2019-1130
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6351
Title:
oval:org.cisecurity:def:6351: Windows Media Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6351
CVE-2019-1271
Severity:
High
Description:
An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how hdAudio.sys stores the size of the reserved region.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6352
Title:
oval:org.cisecurity:def:6352: Microsoft Windows Store Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6352
CVE-2019-1270
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and add or remove files. The security update addresses the vulnerability by not allowing reparse points in the WindowsApps directory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6353
Title:
oval:org.cisecurity:def:6353: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6353
CVE-2019-0891
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6354
Title:
oval:org.cisecurity:def:6354: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6354
CVE-2019-0720
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6355
Title:
oval:org.cisecurity:def:6355: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6355
CVE-2019-0734
Severity:
High
Description:
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how these requests are validated.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6356
Title:
oval:org.cisecurity:def:6356: Windows Print Spooler Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6356
CVE-2019-0759
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit the victim system. To exploit this vulnerability, an attacker would have to first gain execution on the victim system. The update addresses the vulnerability by correcting how the Windows Print Spooler handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6357
Title:
oval:org.cisecurity:def:6357: Windows NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6357
CVE-2019-1170
Severity:
High
Description:
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6358
Title:
oval:org.cisecurity:def:6358: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6358
CVE-2019-1094
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6359
Title:
oval:org.cisecurity:def:6359: ADFS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6359
CVE-2019-1126
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory. This security update corrects how ADFS handles external authentication requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6360
Title:
oval:org.cisecurity:def:6360: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6360
CVE-2019-1098
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6361
Title:
oval:org.cisecurity:def:6361: Windows DHCP Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6361
CVE-2019-0698
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6362
Title:
oval:org.cisecurity:def:6362: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6362
CVE-2019-1102
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6363
Title:
oval:org.cisecurity:def:6363: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6363
CVE-2019-1152
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6364
Title:
oval:org.cisecurity:def:6364: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6364
CVE-2019-1146
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6366
Title:
oval:org.cisecurity:def:6366: HTTP/2 Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6366
CVE-2019-9513
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6367
Title:
oval:org.cisecurity:def:6367: OLE Automation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6367
CVE-2019-0794
Severity:
High
Description:
A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke OLE automation through a web browser. However, an attacker would have to entice a user to visit such a website. The update addresses the vulnerability by correcting how OLE automation handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6368
Title:
oval:org.cisecurity:def:6368: Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6368
CVE-2019-0603
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6369
Title:
oval:org.cisecurity:def:6369: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6369
CVE-2019-1256
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6370
Title:
oval:org.cisecurity:def:6370: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6370
CVE-2019-1047
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6371
Title:
oval:org.cisecurity:def:6371: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6371
CVE-2019-0614
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6372
Title:
oval:org.cisecurity:def:6372: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6372
CVE-2019-0848
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6373
Title:
oval:org.cisecurity:def:6373: Microsoft Graphics Components Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6373
CVE-2019-1283
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6374
Title:
oval:org.cisecurity:def:6374: Windows Secure Boot Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6374
CVE-2019-1294
Severity:
Low
Description:
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot. The security update addresses the vulnerability by preventing access to certain debugging options when Windows Secure Boot is enabled.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6375
Title:
oval:org.cisecurity:def:6375: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6375
CVE-2019-0775
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6376
Title:
oval:org.cisecurity:def:6376: Windows Error Reporting Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6376
CVE-2019-1342
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles process crashes.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6377
Title:
oval:org.cisecurity:def:6377: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6377
CVE-2019-0961
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6378
Title:
oval:org.cisecurity:def:6378: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6378
CVE-2019-1291
Severity:
High
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6379
Title:
oval:org.cisecurity:def:6379: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6379
CVE-2019-1241
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6387
Title:
oval:org.cisecurity:def:6387: Windows ActiveX Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6387
CVE-2019-0784
Severity:
High
Description:
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how ActiveX Data Objects handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6388
Title:
oval:org.cisecurity:def:6388: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6388
CVE-2019-1017
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6389
Title:
oval:org.cisecurity:def:6389: Hyper-V vSMB Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6389
CVE-2019-0786
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system. To exploit these vulnerabilities, an attacker running inside a virtual machine could run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code. The update addresses the vulnerabilities by correcting how Windows Hyper-V validates vSMB packet data.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6390
Title:
oval:org.cisecurity:def:6390: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6390
CVE-2019-1364
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6391
Title:
oval:org.cisecurity:def:6391: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6391
CVE-2019-0897
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6392
Title:
oval:org.cisecurity:def:6392: Windows Update Delivery Optimization Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6392
CVE-2019-1289
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has. To exploit this vulnerability, an attacker would need to log into a system. The attacker could then create a Delivery Optimization job to exploit the vulnerability. The security update addresses the vulnerability by correcting how the Delivery Optimization service enforces permissions.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6393
Title:
oval:org.cisecurity:def:6393: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6393
CVE-2019-0905
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6394
Title:
oval:org.cisecurity:def:6394: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6394
CVE-2019-1048
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6395
Title:
oval:org.cisecurity:def:6395: SymCrypt Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6395
CVE-2019-0865
Severity:
Medium
Description:
A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6396
Title:
oval:org.cisecurity:def:6396: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6396
CVE-2019-1362
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6397
Title:
oval:org.cisecurity:def:6397: Windows Error Reporting Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6397
CVE-2019-1339
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6398
Title:
oval:org.cisecurity:def:6398: Windows Secure Boot Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6398
CVE-2019-1368
Severity:
Low
Description:
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory. To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot. The security update addresses the vulnerability by preventing access to certain debugging options when Windows Secure Boot is enabled.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6399
Title:
oval:org.cisecurity:def:6399: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6399
CVE-2019-1010
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6400
Title:
oval:org.cisecurity:def:6400: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6400
CVE-2019-0839
Severity:
Low
Description:
An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting how the Terminal Services component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6401
Title:
oval:org.cisecurity:def:6401: LNK Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6401
CVE-2019-1188
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6402
Title:
oval:org.cisecurity:def:6402: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6402
CVE-2019-1227
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6403
Title:
oval:org.cisecurity:def:6403: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6403
CVE-2019-1145
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6404
Title:
oval:org.cisecurity:def:6404: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6404
CVE-2019-1359
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6405
Title:
oval:org.cisecurity:def:6405: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6405
CVE-2019-0709
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6406
Title:
oval:org.cisecurity:def:6406: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6406
CVE-2019-1284
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6407
Title:
oval:org.cisecurity:def:6407: Windows dnsrlvr.dll Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6407
CVE-2019-1090
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6408
Title:
oval:org.cisecurity:def:6408: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6408
CVE-2019-0694
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6409
Title:
oval:org.cisecurity:def:6409: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6409
CVE-2019-0716
Severity:
Medium
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6410
Title:
oval:org.cisecurity:def:6410: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6410
CVE-2019-1128
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6411
Title:
oval:org.cisecurity:def:6411: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6411
CVE-2019-0790
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6412
Title:
oval:org.cisecurity:def:6412: Windows Error Reporting Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6412
CVE-2019-0863
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6413
Title:
oval:org.cisecurity:def:6413: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6413
CVE-2019-0877
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6414
Title:
oval:org.cisecurity:def:6414: Windows OLE Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6414
CVE-2019-0885
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, causing Windows to execute arbitrary code. The update addresses the vulnerability by correcting how Windows OLE validates user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6415
Title:
oval:org.cisecurity:def:6415: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6415
CVE-2019-1127
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6416
Title:
oval:org.cisecurity:def:6416: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6416
CVE-2019-1326
Severity:
Low
Description:
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6417
Title:
oval:org.cisecurity:def:6417: Windows DHCP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6417
CVE-2019-1213
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6426
Title:
oval:org.cisecurity:def:6426: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6426
CVE-2019-0901
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6427
Title:
oval:org.cisecurity:def:6427: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6427
CVE-2019-1095
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6418
Title:
oval:org.cisecurity:def:6418: Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6418
CVE-2019-1044
Severity:
High
Description:
A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory to properly enforce VTLs.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6419
Title:
oval:org.cisecurity:def:6419: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6419
CVE-2019-1101
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6420
Title:
oval:org.cisecurity:def:6420: Windows Error Reporting Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6420
CVE-2019-1037
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6421
Title:
oval:org.cisecurity:def:6421: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6421
CVE-2019-1122
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6422
Title:
oval:org.cisecurity:def:6422: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6422
CVE-2019-1177
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the rpcss.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6423
Title:
oval:org.cisecurity:def:6423: Microsoft Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6423
CVE-2019-1019
Severity:
Medium
Description:
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6424
Title:
oval:org.cisecurity:def:6424: Local Security Authority Subsystem Service Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6424
CVE-2019-0972
Severity:
Medium
Description:
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6425
Title:
oval:org.cisecurity:def:6425: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6425
CVE-2019-1274
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6520
Title:
oval:org.cisecurity:def:6520: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6520
CVE-2019-1242
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6521
Title:
oval:org.cisecurity:def:6521: Windows DHCP Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6521
CVE-2019-1206
Severity:
Medium
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6522
Title:
oval:org.cisecurity:def:6522: Windows DHCP Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6522
CVE-2019-0697
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6523
Title:
oval:org.cisecurity:def:6523: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6523
CVE-2019-0842
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6524
Title:
oval:org.cisecurity:def:6524: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6524
CVE-2019-0772
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6525
Title:
oval:org.cisecurity:def:6525: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6525
CVE-2019-0836
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to LUAFV.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6526
Title:
oval:org.cisecurity:def:6526: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6526
CVE-2019-1118
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6527
Title:
oval:org.cisecurity:def:6527: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6527
CVE-2019-0756
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6519
Title:
oval:org.cisecurity:def:6519: Microsoft Windows Update Client Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6519
CVE-2019-1323
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by enabling the Windows Update client to properly handle user privileges.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6528
Title:
oval:org.cisecurity:def:6528: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6528
CVE-2019-1244
Severity:
Medium
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6529
Title:
oval:org.cisecurity:def:6529: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6529
CVE-2019-1073
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6530
Title:
oval:org.cisecurity:def:6530: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6530
CVE-2019-1346
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application, or convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6531
Title:
oval:org.cisecurity:def:6531: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6531
CVE-2019-0718
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6532
Title:
oval:org.cisecurity:def:6532: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6532
CVE-2019-1013
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6533
Title:
oval:org.cisecurity:def:6533: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6533
CVE-2019-0959
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6534
Title:
oval:org.cisecurity:def:6534: Winlogon Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6534
CVE-2019-1268
Severity:
High
Description:
An elevation of privilege vulnerability exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how Winlogon handles path information.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6535
Title:
oval:org.cisecurity:def:6535: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6535
CVE-2019-0796
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The update addresses the vulnerability by correcting how Windows handles calls to LUAFV.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6536
Title:
oval:org.cisecurity:def:6536: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6536
CVE-2019-1250
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6537
Title:
oval:org.cisecurity:def:6537: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6537
CVE-2019-0797
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6538
Title:
oval:org.cisecurity:def:6538: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6538
CVE-2019-1144
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6539
Title:
oval:org.cisecurity:def:6539: Windows Image Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6539
CVE-2019-1190
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6540
Title:
oval:org.cisecurity:def:6540: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6540
CVE-2019-1150
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6541
Title:
oval:org.cisecurity:def:6541: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6541
CVE-2019-1164
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6542
Title:
oval:org.cisecurity:def:6542: Windows NTLM Tampering Vulnerability
Type:
Software
Bulletins:
CISEC:6542
CVE-2019-1166
Severity:
Low
Description:
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6543
Title:
oval:org.cisecurity:def:6543: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6543
CVE-2019-0966
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6544
Title:
oval:org.cisecurity:def:6544: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6544
CVE-2019-0859
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6545
Title:
oval:org.cisecurity:def:6545: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6545
CVE-2019-1159
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6546
Title:
oval:org.cisecurity:def:6546: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6546
CVE-2019-1116
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6547
Title:
oval:org.cisecurity:def:6547: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6547
CVE-2019-0892
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6548
Title:
oval:org.cisecurity:def:6548: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6548
CVE-2019-1016
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6549
Title:
oval:org.cisecurity:def:6549: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6549
CVE-2019-1245
Severity:
Medium
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6550
Title:
oval:org.cisecurity:def:6550: Windows Error Reporting Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6550
CVE-2019-1319
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6551
Title:
oval:org.cisecurity:def:6551: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6551
CVE-2019-1124
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6552
Title:
oval:org.cisecurity:def:6552: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6552
CVE-2019-1292
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Windows handles symbolic links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6553
Title:
oval:org.cisecurity:def:6553: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6553
CVE-2019-1185
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6554
Title:
oval:org.cisecurity:def:6554: Windows Storage Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6554
CVE-2019-0983
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Service handles file operations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6555
Title:
oval:org.cisecurity:def:6555: Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6555
CVE-2019-1287
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Network Connectivity Assistant properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6556
Title:
oval:org.cisecurity:def:6556: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6556
CVE-2019-1021
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6557
Title:
oval:org.cisecurity:def:6557: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6557
CVE-2019-0977
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6558
Title:
oval:org.cisecurity:def:6558: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6558
CVE-2019-0682
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6559
Title:
oval:org.cisecurity:def:6559: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6559
CVE-2019-0755
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6560
Title:
oval:org.cisecurity:def:6560: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6560
CVE-2019-1248
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6561
Title:
oval:org.cisecurity:def:6561: Windows DHCP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6561
CVE-2019-0785
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6562
Title:
oval:org.cisecurity:def:6562: Microsoft Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6562
CVE-2019-1317
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would allow an attacker to overwrite system files. The update addresses the vulnerability by correcting ACLs to system files.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6563
Title:
oval:org.cisecurity:def:6563: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6563
CVE-2019-1184
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6564
Title:
oval:org.cisecurity:def:6564: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6564
CVE-2019-1039
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6565
Title:
oval:org.cisecurity:def:6565: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6565
CVE-2019-0821
Severity:
Medium
Description:
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server. The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6566
Title:
oval:org.cisecurity:def:6566: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6566
CVE-2019-1251
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6567
Title:
oval:org.cisecurity:def:6567: DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6567
CVE-2019-1216
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6568
Title:
oval:org.cisecurity:def:6568: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6568
CVE-2019-1215
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6569
Title:
oval:org.cisecurity:def:6569: Microsoft unistore.dll Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6569
CVE-2019-1091
Severity:
Low
Description:
An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacker could run a specially crafted application in user mode. The update addresses the vulnerability by correcting how Unistore.dll handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6570
Title:
oval:org.cisecurity:def:6570: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6570
CVE-2019-1097
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6571
Title:
oval:org.cisecurity:def:6571: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6571
CVE-2019-0715
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6572
Title:
oval:org.cisecurity:def:6572: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6572
CVE-2019-1222
Severity:
Low
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6573
Title:
oval:org.cisecurity:def:6573: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6573
CVE-2019-0844
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6574
Title:
oval:org.cisecurity:def:6574: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6574
CVE-2019-0782
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel initializes memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6575
Title:
oval:org.cisecurity:def:6575: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6575
CVE-2019-1243
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6576
Title:
oval:org.cisecurity:def:6576: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6576
CVE-2019-0791
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6577
Title:
oval:org.cisecurity:def:6577: Remote Desktop Protocol Client Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6577
CVE-2019-1108
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP client initializes memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6578
Title:
oval:org.cisecurity:def:6578: Windows NDIS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6578
CVE-2019-0707
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who successfully exploited this vulnerability could run processes in an elevated context. However, an attacker must first gain access to the local system with the ability to execute a malicious application in order to exploit this vulnerability. The security update addresses the vulnerability by changing how ndis.sys validates buffer length.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6579
Title:
oval:org.cisecurity:def:6579: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6579
CVE-2019-0774
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6580
Title:
oval:org.cisecurity:def:6580: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6580
CVE-2019-0887
Severity:
High
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker must already have compromised a system running Remote Desktop Services, and then wait for a victim system to connect to Remote Desktop Services. The update addresses the vulnerability by correcting how Remote Desktop Services handles clipboard redirection.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6581
Title:
oval:org.cisecurity:def:6581: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6581
CVE-2019-0689
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6582
Title:
oval:org.cisecurity:def:6582: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6582
CVE-2019-0731
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to LUAFV.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6583
Title:
oval:org.cisecurity:def:6583: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6583
CVE-2019-0841
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6584
Title:
oval:org.cisecurity:def:6584: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6584
CVE-2019-1272
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6585
Title:
oval:org.cisecurity:def:6585: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6585
CVE-2019-1100
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6586
Title:
oval:org.cisecurity:def:6586: Windows CSRSS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6586
CVE-2019-0735
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows CSRSS handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6587
Title:
oval:org.cisecurity:def:6587: Microsoft Speech API Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6587
CVE-2019-0985
Severity:
Medium
Description:
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update addresses the vulnerability by modifying how the system handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6588
Title:
oval:org.cisecurity:def:6588: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6588
CVE-2019-1156
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6589
Title:
oval:org.cisecurity:def:6589: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6589
CVE-2019-1088
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6590
Title:
oval:org.cisecurity:def:6590: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6590
CVE-2019-0695
Severity:
Medium
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6591
Title:
oval:org.cisecurity:def:6591: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6591
CVE-2019-1082
Severity:
High
Description:
An elevation of privilege vulnerability exists in Microsoft Windows where a certain DLL, with Local Service privilege, is vulnerable to race planting a customized DLL. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM. The update addresses this vulnerability by requiring SYSTEM privileges for a certain DLL.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6592
Title:
oval:org.cisecurity:def:6592: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6592
CVE-2019-1026
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6593
Title:
oval:org.cisecurity:def:6593: Windows DHCP Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6593
CVE-2019-0726
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6594
Title:
oval:org.cisecurity:def:6594: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6594
CVE-2019-0960
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6595
Title:
oval:org.cisecurity:def:6595: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6595
CVE-2019-0787
Severity:
High
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6596
Title:
oval:org.cisecurity:def:6596: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6596
CVE-2019-1007
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6597
Title:
oval:org.cisecurity:def:6597: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6597
CVE-2019-0838
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The security update addresses the vulnerability by changing how Task Scheduler handles credentials.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6598
Title:
oval:org.cisecurity:def:6598: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6598
CVE-2019-0758
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6599
Title:
oval:org.cisecurity:def:6599: Microsoft IIS Server Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6599
CVE-2019-1365
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, escaping the sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6600
Title:
oval:org.cisecurity:def:6600: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6600
CVE-2019-0907
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6601
Title:
oval:org.cisecurity:def:6601: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6601
CVE-2019-1049
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6602
Title:
oval:org.cisecurity:def:6602: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6602
CVE-2019-0881
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel properly handles key enumeration.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6603
Title:
oval:org.cisecurity:def:6603: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6603
CVE-2019-0776
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6604
Title:
oval:org.cisecurity:def:6604: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6604
CVE-2019-1050
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6605
Title:
oval:org.cisecurity:def:6605: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6605
CVE-2019-0893
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6606
Title:
oval:org.cisecurity:def:6606: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6606
CVE-2019-0723
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6607
Title:
oval:org.cisecurity:def:6607: Windows TCP/IP Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6607
CVE-2019-0688
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to send specially crafted fragmented IP packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles fragmented IP packets.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6608
Title:
oval:org.cisecurity:def:6608: Microsoft Windows CloudStore Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6608
CVE-2019-1321
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles a file's Discretionary Access Control List (DACL). An attacker who successfully exploited this vulnerability could overwrite a targeted file, leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows CloudStore handles DACLs.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6609
Title:
oval:org.cisecurity:def:6609: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6609
CVE-2019-0903
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6680
Title:
oval:org.cisecurity:def:6680: Task Scheduler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6680
CVE-2019-1069
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6681
Title:
oval:org.cisecurity:def:6681: Microsoft Graphics Components Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6681
CVE-2019-1361
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6682
Title:
oval:org.cisecurity:def:6682: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6682
CVE-2019-0984
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6683
Title:
oval:org.cisecurity:def:6683: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6683
CVE-2019-1285
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6684
Title:
oval:org.cisecurity:def:6684: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6684
CVE-2019-1228
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6685
Title:
oval:org.cisecurity:def:6685: Windows Event Viewer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6685
CVE-2019-0948
Severity:
Medium
Description:
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6686
Title:
oval:org.cisecurity:def:6686: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6686
CVE-2019-1119
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6687
Title:
oval:org.cisecurity:def:6687: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6687
CVE-2019-1249
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6688
Title:
oval:org.cisecurity:def:6688: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6688
CVE-2019-1334
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6689
Title:
oval:org.cisecurity:def:6689: ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6689
CVE-2019-0888
Severity:
High
Description:
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website. The security update addresses the vulnerability by modifying how ActiveX Data Objects handle objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6690
Title:
oval:org.cisecurity:def:6690: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6690
CVE-2019-0788
Severity:
High
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6691
Title:
oval:org.cisecurity:def:6691: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6691
CVE-2019-0811
Severity:
Medium
Description:
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. To exploit the vulnerability, an unauthenticated attacker could send malicious DNS queries to an affected server, resulting in a denial of service. However, the DNS server must be configured to use DNS Analytical Logging for the attack to succeed. The update addresses the vulnerability by correcting how Windows DNS Server processes DNS queries.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6692
Title:
oval:org.cisecurity:def:6692: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6692
CVE-2019-0894
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6693
Title:
oval:org.cisecurity:def:6693: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6693
CVE-2019-1012
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6610
Title:
oval:org.cisecurity:def:6610: HTTP/2 Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6610
CVE-2019-9512
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP/2 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6611
Title:
oval:org.cisecurity:def:6611: Windows Update Client Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6611
CVE-2019-1337
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process. To exploit this vulnerability, an authenticated attacker could run a specially crafted application in user mode. The update addresses the vulnerability by correcting how the Windows Update Client handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6612
Title:
oval:org.cisecurity:def:6612: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6612
CVE-2019-1174
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6613
Title:
oval:org.cisecurity:def:6613: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6613
CVE-2019-0847
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6614
Title:
oval:org.cisecurity:def:6614: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6614
CVE-2019-0766
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Windows AppX Deployment Server to create files in arbitrary locations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6615
Title:
oval:org.cisecurity:def:6615: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6615
CVE-2019-0965
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6616
Title:
oval:org.cisecurity:def:6616: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6616
CVE-2019-1028
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6617
Title:
oval:org.cisecurity:def:6617: Windows Code Integrity Module Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6617
CVE-2019-1344
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or convince a target to run a crafted application. The security update addresses the vulnerability by modifying how the Code Integrity Module handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6618
Title:
oval:org.cisecurity:def:6618: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6618
CVE-2019-0808
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6619
Title:
oval:org.cisecurity:def:6619: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6619
CVE-2019-0902
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6620
Title:
oval:org.cisecurity:def:6620: Microsoft splwow64 Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6620
CVE-2019-0880
Severity:
Medium
Description:
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6621
Title:
oval:org.cisecurity:def:6621: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6621
CVE-2019-0879
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6622
Title:
oval:org.cisecurity:def:6622: DirectWrite Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6622
CVE-2019-1093
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6623
Title:
oval:org.cisecurity:def:6623: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6623
CVE-2019-1117
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6624
Title:
oval:org.cisecurity:def:6624: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6624
CVE-2019-1014
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6625
Title:
oval:org.cisecurity:def:6625: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6625
CVE-2019-0928
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6626
Title:
oval:org.cisecurity:def:6626: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6626
CVE-2019-0840
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6627
Title:
oval:org.cisecurity:def:6627: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6627
CVE-2019-1278
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6628
Title:
oval:org.cisecurity:def:6628: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6628
CVE-2019-1333
Severity:
Low
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6629
Title:
oval:org.cisecurity:def:6629: Windows Network File System Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6629
CVE-2019-1045
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows NFS properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6630
Title:
oval:org.cisecurity:def:6630: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6630
CVE-2019-0908
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6631
Title:
oval:org.cisecurity:def:6631: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6631
CVE-2019-0703
Severity:
Medium
Description:
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server. The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6632
Title:
oval:org.cisecurity:def:6632: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6632
CVE-2019-0617
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6633
Title:
oval:org.cisecurity:def:6633: Windows SMB Client Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6633
CVE-2019-1293
Severity:
Low
Description:
An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attacker would have to log on to the system first and then run a specially crafted application in user mode. The security update addresses the vulnerability by correcting how the Windows SMB Client kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6634
Title:
oval:org.cisecurity:def:6634: SymCrypt Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6634
CVE-2019-1171
Severity:
Low
Description:
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability through a software change to the OAEP decoding operations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6635
Title:
oval:org.cisecurity:def:6635: Windows RPCSS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6635
CVE-2019-1089
Severity:
High
Description:
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6636
Title:
oval:org.cisecurity:def:6636: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6636
CVE-2019-0711
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6637
Title:
oval:org.cisecurity:def:6637: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6637
CVE-2019-0692
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6638
Title:
oval:org.cisecurity:def:6638: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6638
CVE-2019-1176
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6639
Title:
oval:org.cisecurity:def:6639: Windows Common Log File System Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6639
CVE-2019-1282
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application. The security update addresses the vulnerability by correcting how CLFS handles sandbox checks.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6640
Title:
oval:org.cisecurity:def:6640: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6640
CVE-2019-0846
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6641
Title:
oval:org.cisecurity:def:6641: Windows User Profile Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6641
CVE-2019-0986
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6642
Title:
oval:org.cisecurity:def:6642: Remote Desktop Protocol Server Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6642
CVE-2019-1225
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6643
Title:
oval:org.cisecurity:def:6643: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6643
CVE-2019-1290
Severity:
High
Description:
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server; they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6644
Title:
oval:org.cisecurity:def:6644: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6644
CVE-2019-0896
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6645
Title:
oval:org.cisecurity:def:6645: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6645
CVE-2019-1223
Severity:
Medium
Description:
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6646
Title:
oval:org.cisecurity:def:6646: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6646
CVE-2019-1025
Severity:
High
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6647
Title:
oval:org.cisecurity:def:6647: Windows NTLM Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6647
CVE-2019-1338
Severity:
Low
Description:
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to be able to modify NTLM traffic exchange. The update addresses the vulnerability by hardening NTLMv2 protection on the server-side.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6648
Title:
oval:org.cisecurity:def:6648: XmlLite Runtime Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6648
CVE-2019-1187
Severity:
Medium
Description:
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6649
Title:
oval:org.cisecurity:def:6649: Windows Text Service Framework Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6649
CVE-2019-1235
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses this vulnerability by correcting how the TSF server and client validate input from each other.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6650
Title:
oval:org.cisecurity:def:6650: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6650
CVE-2019-0943
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6651
Title:
oval:org.cisecurity:def:6651: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6651
CVE-2019-0663
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6652
Title:
oval:org.cisecurity:def:6652: Windows IOleCvt Interface Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6652
CVE-2019-0845
Severity:
High
Description:
A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The update addresses the vulnerability by correcting methods exposed when the IOleCvt interface is invoked.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6653
Title:
oval:org.cisecurity:def:6653: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6653
CVE-2019-1074
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6654
Title:
oval:org.cisecurity:def:6654: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6654
CVE-2019-1303
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Server handles junctions.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6655
Title:
oval:org.cisecurity:def:6655: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6655
CVE-2019-1179
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6656
Title:
oval:org.cisecurity:def:6656: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6656
CVE-2019-1343
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6657
Title:
oval:org.cisecurity:def:6657: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6657
CVE-2019-1120
Severity:
High
Description:
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6658
Title:
oval:org.cisecurity:def:6658: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6658
CVE-2019-1158
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6659
Title:
oval:org.cisecurity:def:6659: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6659
CVE-2019-1320
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6660
Title:
oval:org.cisecurity:def:6660: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6660
CVE-2019-1041
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6661
Title:
oval:org.cisecurity:def:6661: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6661
CVE-2019-1099
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6662
Title:
oval:org.cisecurity:def:6662: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6662
CVE-2019-1065
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6663
Title:
oval:org.cisecurity:def:6663: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6663
CVE-2019-0803
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6664
Title:
oval:org.cisecurity:def:6664: Windows Storage Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6664
CVE-2019-0931
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Service handles file operations.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6665
Title:
oval:org.cisecurity:def:6665: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6665
CVE-2019-1057
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6666
Title:
oval:org.cisecurity:def:6666: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6666
CVE-2019-0713
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The security update addresses the vulnerability by resolving a number of conditions where Hyper-V would fail to prevent a guest operating system from sending malicious requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6667
Title:
oval:org.cisecurity:def:6667: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6667
CVE-2019-0704
Severity:
Medium
Description:
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server. The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6668
Title:
oval:org.cisecurity:def:6668: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6668
CVE-2019-0793
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6669
Title:
oval:org.cisecurity:def:6669: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6669
CVE-2019-1198
Severity:
High
Description:
An elevation of privilege vulnerability exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the SyncController.dll processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6670
Title:
oval:org.cisecurity:def:6670: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6670
CVE-2019-1247
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6671
Title:
oval:org.cisecurity:def:6671: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6671
CVE-2019-0708
Severity:
Low
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6672
Title:
oval:org.cisecurity:def:6672: Windows Audio Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6672
CVE-2019-1087
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the Windows Audio Service processes these requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6673
Title:
oval:org.cisecurity:def:6673: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6673
CVE-2019-1147
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6674
Title:
oval:org.cisecurity:def:6674: Remote Desktop Services Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6674
CVE-2019-1181
Severity:
Low
Description:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6675
Title:
oval:org.cisecurity:def:6675: Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6675
CVE-2019-1325
Severity:
Low
Description:
An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a denial of service, but not an elevation of privilege. To exploit this vulnerability, a low-level authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how rdbss.sys handles these local calls.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6676
Title:
oval:org.cisecurity:def:6676: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:6676
CVE-2019-1347
Severity:
Low
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6677
Title:
oval:org.cisecurity:def:6677: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6677
CVE-2019-0886
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6678
Title:
oval:org.cisecurity:def:6678: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6678
CVE-2019-1015
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6679
Title:
oval:org.cisecurity:def:6679: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6679
CVE-2019-0856
Severity:
High
Description:
A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could take control of an affected system. To exploit the vulnerability, an authenticated attacker could connect via the Windows Remote Registry Service, causing Windows to execute arbitrary code. The security update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6694
Title:
oval:org.cisecurity:def:6694: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6694
CVE-2019-0792
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6695
Title:
oval:org.cisecurity:def:6695: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6695
CVE-2019-1358
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6696
Title:
oval:org.cisecurity:def:6696: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6696
CVE-2019-1067
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6697
Title:
oval:org.cisecurity:def:6697: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6697
CVE-2019-1071
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CISEC:6698
Title:
oval:org.cisecurity:def:6698: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6698
CVE-2019-0936
Severity:
High
Description:
An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Windows handles symbolic links.
Applies to:
Created:
2019-12-06
Updated:
2020-08-13

ID:
CVE-2019-13962
Title:
VLC avcodec picture copy heap-buffer-overflow
Type:
Software
Bulletins:
CVE-2019-13962
Severity:
Critical
Description:
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Applies to:
VLC
Created:
2019-07-26
Updated:
2019-07-26

ID:
CISEC:5914
Title:
oval:org.cisecurity:def:5914: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5914
CVE-2019-0625
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5915
Title:
oval:org.cisecurity:def:5915: Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5915
CVE-2018-8476
Severity:
Low
Description:
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5916
Title:
oval:org.cisecurity:def:5916: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5916
CVE-2018-8649
Severity:
Medium
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5917
Title:
oval:org.cisecurity:def:5917: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5917
CVE-2018-8408
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5918
Title:
oval:org.cisecurity:def:5918: Windows Registry Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5918
CVE-2018-8410
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5919
Title:
oval:org.cisecurity:def:5919: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5919
CVE-2019-0632
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5920
Title:
oval:org.cisecurity:def:5920: Windows SMB Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5920
CVE-2019-0633
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an authenticated attacker could send a specially crafted packet to a targeted SMBv2 server. The security update addresses the vulnerability by correcting how SMBv2 handles these specially crafted requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5921
Title:
oval:org.cisecurity:def:5921: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5921
CVE-2019-0536
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5922
Title:
oval:org.cisecurity:def:5922: Windows COM Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5922
CVE-2018-8550
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how Windows COM Marshaler processes interface requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5923
Title:
oval:org.cisecurity:def:5923: Windows Search Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5923
CVE-2018-8450
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote authenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5924
Title:
oval:org.cisecurity:def:5924: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5924
CVE-2019-0631
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5925
Title:
oval:org.cisecurity:def:5925: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5925
CVE-2019-0579
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5926
Title:
oval:org.cisecurity:def:5926: Windows TCP/IP Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5926
CVE-2018-8493
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to send specially crafted fragmented IP packets to a remote Windows computer. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles fragmented IP packets.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5927
Title:
oval:org.cisecurity:def:5927: Remote Procedure Call runtime Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5927
CVE-2018-8407
Severity:
Low
Description:
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Remote Procedure Call runtime initializes objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5928
Title:
oval:org.cisecurity:def:5928: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5928
CVE-2018-8497
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5929
Title:
oval:org.cisecurity:def:5929: Windows Media Player Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5929
CVE-2018-8481
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafted hyperlink. The update addresses the vulnerability by changing the way Windows Media Player discloses file information.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5930
Title:
oval:org.cisecurity:def:5930: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5930
CVE-2018-8622
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5931
Title:
oval:org.cisecurity:def:5931: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5931
CVE-2019-0635
Severity:
Medium
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5932
Title:
oval:org.cisecurity:def:5932: Windows Media Player Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5932
CVE-2018-8482
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafted hyperlink. The update addresses the vulnerability by changing the way Windows Media Player discloses file information.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5933
Title:
oval:org.cisecurity:def:5933: Active Directory Federation Services XSS Vulnerability
Type:
Software
Bulletins:
CISEC:5933
CVE-2018-8547
Severity:
Low
Description:
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected AD FS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the AD FS site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that the open source customization for AD FS properly sanitizes web requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5934
Title:
oval:org.cisecurity:def:5934: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5934
CVE-2018-8562
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5935
Title:
oval:org.cisecurity:def:5935: Windows Storage Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5935
CVE-2019-0659
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the Storage Service handles file operations.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5936
Title:
oval:org.cisecurity:def:5936: Cortana Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5936
CVE-2018-8140
Severity:
Medium
Description:
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. To exploit the vulnerability, an attacker would require physical/console access and the system would need to have Cortana assistance enabled. The security update addresses the vulnerability by ensuring Cortana considers status when it retrieves information from input services.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5937
Title:
oval:org.cisecurity:def:5937: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5937
CVE-2019-0636
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application. The update addresses the vulnerability by changing the way Windows discloses file information.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5938
Title:
oval:org.cisecurity:def:5938: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5938
CVE-2019-0573
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5939
Title:
oval:org.cisecurity:def:5939: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5939
CVE-2019-0597
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5940
Title:
oval:org.cisecurity:def:5940: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5940
CVE-2019-0602
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5941
Title:
oval:org.cisecurity:def:5941: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5941
CVE-2018-8596
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5942
Title:
oval:org.cisecurity:def:5942: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5942
CVE-2019-0576
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5943
Title:
oval:org.cisecurity:def:5943: Microsoft Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5943
CVE-2019-0543
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way Windows handles authentication requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5944
Title:
oval:org.cisecurity:def:5944: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5944
CVE-2019-0621
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5945
Title:
oval:org.cisecurity:def:5945: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5945
CVE-2018-8423
Severity:
High
Description:
A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user, and then convince the user to open the file. The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5946
Title:
oval:org.cisecurity:def:5946: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5946
CVE-2019-0549
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5947
Title:
oval:org.cisecurity:def:5947: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5947
CVE-2018-8330
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5948
Title:
oval:org.cisecurity:def:5948: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5948
CVE-2018-8475
Severity:
Medium
Description:
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to download an image file. The update addresses the vulnerability by properly handling image files.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5949
Title:
oval:org.cisecurity:def:5949: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5949
CVE-2018-8554
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5950
Title:
oval:org.cisecurity:def:5950: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5950
CVE-2018-8489
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5951
Title:
oval:org.cisecurity:def:5951: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5951
CVE-2019-0616
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5952
Title:
oval:org.cisecurity:def:5952: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5952
CVE-2019-0599
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5953
Title:
oval:org.cisecurity:def:5953: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5953
CVE-2019-0584
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5954
Title:
oval:org.cisecurity:def:5954: HID Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5954
CVE-2019-0601
Severity:
Low
Description:
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim’s system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the HID component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5955
Title:
oval:org.cisecurity:def:5955: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5955
CVE-2019-0596
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5956
Title:
oval:org.cisecurity:def:5956: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5956
CVE-2019-0551
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5957
Title:
oval:org.cisecurity:def:5957: Windows DHCP Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5957
CVE-2019-0626
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5958
Title:
oval:org.cisecurity:def:5958: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5958
CVE-2019-0550
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5959
Title:
oval:org.cisecurity:def:5959: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5959
CVE-2019-0575
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5960
Title:
oval:org.cisecurity:def:5960: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5960
CVE-2019-0595
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5961
Title:
oval:org.cisecurity:def:5961: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5961
CVE-2018-8437
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The update addresses the vulnerability by modifying how virtual machines access the Hyper-V Network Switch.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5962
Title:
oval:org.cisecurity:def:5962: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5962
CVE-2018-8485
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5963
Title:
oval:org.cisecurity:def:5963: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5963
CVE-2019-0598
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5964
Title:
oval:org.cisecurity:def:5964: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5964
CVE-2019-0615
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5965
Title:
oval:org.cisecurity:def:5965: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5965
CVE-2019-0661
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5966
Title:
oval:org.cisecurity:def:5966: Windows COM Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5966
CVE-2019-0552
Severity:
Medium
Description:
An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how Windows COM Desktop Broker processes interface requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5967
Title:
oval:org.cisecurity:def:5967: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5967
CVE-2018-8205
Severity:
Medium
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5968
Title:
oval:org.cisecurity:def:5968: Windows Subsystem for Linux Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5968
CVE-2019-0553
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5969
Title:
oval:org.cisecurity:def:5969: Microsoft XmlDocument Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5969
CVE-2019-0555
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5970
Title:
oval:org.cisecurity:def:5970: Windows Defender Firewall Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5970
CVE-2019-0637
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections. This vulnerability occurs when Windows is connected to both an ethernet network and a cellular network. An attacker would have no way to trigger this vulnerability remotely, and this vulnerability by itself does not allow Windows to be exploited. This update addresses the behavior by correcting how Windows Defender Firewall handles firewall profiles when ethernet and cellular network connections are both present.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5971
Title:
oval:org.cisecurity:def:5971: Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5971
CVE-2018-8612
Severity:
Low
Description:
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5972
Title:
oval:org.cisecurity:def:5972: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5972
CVE-2018-8544
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5973
Title:
oval:org.cisecurity:def:5973: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5973
CVE-2018-8468
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows that allows a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted. The security update addresses the vulnerability by correcting how Windows parses files.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5974
Title:
oval:org.cisecurity:def:5974: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5974
CVE-2019-0660
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5975
Title:
oval:org.cisecurity:def:5975: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5975
CVE-2019-0619
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5976
Title:
oval:org.cisecurity:def:5976: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5976
CVE-2019-0664
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5977
Title:
oval:org.cisecurity:def:5977: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5977
CVE-2019-0572
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5978
Title:
oval:org.cisecurity:def:5978: Microsoft Graphics Components Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5978
CVE-2018-8553
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5979
Title:
oval:org.cisecurity:def:5979: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5979
CVE-2018-8565
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5980
Title:
oval:org.cisecurity:def:5980: Windows SMB Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5980
CVE-2019-0630
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most situations, an authenticated attacker could send a specially crafted packet to a targeted SMBv2 server. The security update addresses the vulnerability by correcting how SMBv2 handles these specially crafted requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5981
Title:
oval:org.cisecurity:def:5981: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5981
CVE-2018-8477
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5982
Title:
oval:org.cisecurity:def:5982: Microsoft Text-To-Speech Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5982
CVE-2018-8634
Severity:
High
Description:
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting how the Microsoft text-to-speech handles objects in the memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5983
Title:
oval:org.cisecurity:def:5983: Windows Code Integrity Module Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5983
CVE-2018-1040
Severity:
Medium
Description:
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. An attacker could host a specially crafted file in a website or SMB share. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how the Code Integrity Module performs hashing.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5984
Title:
oval:org.cisecurity:def:5984: Windows Runtime Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5984
CVE-2019-0570
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5985
Title:
oval:org.cisecurity:def:5985: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5985
CVE-2019-0578
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5986
Title:
oval:org.cisecurity:def:5986: Windows Storage Services Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5986
CVE-2018-0983
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how Storage Services handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5987
Title:
oval:org.cisecurity:def:5987: HID Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5987
CVE-2019-0600
Severity:
Low
Description:
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim’s system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application. The security update addresses the vulnerability by correcting how the HID component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5988
Title:
oval:org.cisecurity:def:5988: Windows DNS Server Heap Overflow Vulnerability
Type:
Software
Bulletins:
CISEC:5988
CVE-2018-8626
Severity:
Low
Description:
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5989
Title:
oval:org.cisecurity:def:5989: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5989
CVE-2018-8641
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5990
Title:
oval:org.cisecurity:def:5990: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5990
CVE-2019-0623
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5991
Title:
oval:org.cisecurity:def:5991: Windows Elevation Of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5991
CVE-2018-8592
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc.) with the “keep nothing” option selected during installation. Successful exploitation of the vulnerability could allow an attacker to gain local access to an affected system. To exploit the vulnerability, an attacker would need physical access to the console of the affected system. The update addresses the vulnerability by changing built-in account behavior after the setup process completes. For recommendations on managing the local administrator accounts, please see Implementing Least-Privilege Administrative Models.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5992
Title:
oval:org.cisecurity:def:5992: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5992
CVE-2019-0569
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5993
Title:
oval:org.cisecurity:def:5993: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5993
CVE-2019-0628
Severity:
Low
Description:
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5994
Title:
oval:org.cisecurity:def:5994: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5994
CVE-2019-0627
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5995
Title:
oval:org.cisecurity:def:5995: MS XML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5995
CVE-2018-8420
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5996
Title:
oval:org.cisecurity:def:5996: Windows Theme API Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5996
CVE-2018-8413
Severity:
High
Description:
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a victim user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by helping to ensure that "Windows Theme API" properly decompresses files.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5997
Title:
oval:org.cisecurity:def:5997: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5997
CVE-2018-8549
Severity:
Low
Description:
A security feature bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed drivers into the kernel. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed drivers from being loaded by the kernel. The update addresses the vulnerability by correcting how Windows validates kernel driver signatures.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5998
Title:
oval:org.cisecurity:def:5998: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5998
CVE-2018-8595
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5999
Title:
oval:org.cisecurity:def:5999: Microsoft JScript Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5999
CVE-2018-8417
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects. The update addresses the vulnerability by correcting how Microsoft JScript manages COM object creation.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6000
Title:
oval:org.cisecurity:def:6000: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6000
CVE-2019-0583
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6001
Title:
oval:org.cisecurity:def:6001: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6001
CVE-2019-0580
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6002
Title:
oval:org.cisecurity:def:6002: DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6002
CVE-2018-8638
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6003
Title:
oval:org.cisecurity:def:6003: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6003
CVE-2018-8637
Severity:
Low
Description:
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6004
Title:
oval:org.cisecurity:def:6004: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6004
CVE-2018-8490
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6005
Title:
oval:org.cisecurity:def:6005: Windows Shell Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6005
CVE-2018-8495
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attack requires specific user interaction which an attacker would need to trick the user into performing. There is no way an attacker could exploit the vulnerability without the user performing the specific action. The security update addresses the vulnerability by modifying how Windows Shell handles URIs.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6006
Title:
oval:org.cisecurity:def:6006: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6006
CVE-2019-0577
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6007
Title:
oval:org.cisecurity:def:6007: Microsoft Cortana Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6007
CVE-2018-8253
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen. An attacker who successfully exploited the vulnerability could steal browser stored passwords or log on to websites as another user. To exploit the vulnerability, an attacker would require physical access to the console and the system must have Microsoft Cortana assistance enabled. The security update addresses the vulnerability by preventing Microsoft Cortana from allowing arbitrary website browsing on the lockscreen.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6008
Title:
oval:org.cisecurity:def:6008: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6008
CVE-2018-0977
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6009
Title:
oval:org.cisecurity:def:6009: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6009
CVE-2019-0571
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6010
Title:
oval:org.cisecurity:def:6010: Jet Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6010
CVE-2019-0581
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6011
Title:
oval:org.cisecurity:def:6011: Windows DHCP Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6011
CVE-2019-0547
Severity:
High
Description:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6012
Title:
oval:org.cisecurity:def:6012: Remote Procedure Call runtime Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6012
CVE-2018-8514
Severity:
Low
Description:
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Remote Procedure Call runtime initializes objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6013
Title:
oval:org.cisecurity:def:6013: Microsoft Filter Manager Elevation Of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6013
CVE-2018-8333
Severity:
Medium
Description:
An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would first have to log on to a target system and then delete a specially crafted file. The security update addresses the vulnerability by correcting how Filter Manager handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6014
Title:
oval:org.cisecurity:def:6014: Windows Data Sharing Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6014
CVE-2019-0574
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6015
Title:
oval:org.cisecurity:def:6015: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6015
CVE-2019-0554
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6016
Title:
oval:org.cisecurity:def:6016: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6016
CVE-2019-0656
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6017
Title:
oval:org.cisecurity:def:6017: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:6017
CVE-2018-8492
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6018
Title:
oval:org.cisecurity:def:6018: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6018
CVE-2019-0618
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6019
Title:
oval:org.cisecurity:def:6019: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:6019
CVE-2019-0662
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file. The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6020
Title:
oval:org.cisecurity:def:6020: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:6020
CVE-2018-8621
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:6021
Title:
oval:org.cisecurity:def:6021: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:6021
CVE-2018-8639
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Applies to:
Created:
2019-03-29
Updated:
2020-08-13

ID:
CISEC:5860
Title:
oval:org.cisecurity:def:5860: Vulnerability
Type:
Software
Bulletins:
CISEC:5860
CVE-2018-8611
Severity:
High
Description:
CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability
Applies to:
Created:
2019-01-11
Updated:
2020-08-13